I'm sad to say you that there's some variants of this virus, and that some can be eliminated, but some (the newest ones) not.
And also, usually, they prevent you to install or run other antiviruses.
It install itself in the system files, and add a "safety copy" of itself in the cache folder of the system files, registering itself as "indispensable and protected process" in the windows registry and safety files ..... this means, from the other things, that each time that you remove it, regardless if with an antivirus or manually, your own operating system rewrite it from the cache copy, thinking that you have deleted an indispensable system file.
Some variants does not attack directly the siystem files, limiting the action to register themselves as system files, so can be removed, using the last version of ComboFix and after a good antivirus scanner (may be used VirIt from TGSoft, have 30 days of free trial and scan also the memory)..... some other versions corrupt system files rewriting them, and in the most part of the cases, cannot be cleaned without a complete reformat.
If the ComboFix tool say you that there's "rootkit" hooks detected, it require an additional step : you need to note down the references to the hooks and the files that have caused them, then:
1 - check on a clean machine with the same OS if these file names are present in the same position (usually system32 folders) ..... if they are NOT present, you can ignore this, if instead they are present, you must copy them from the clean machine on a usb key or similar (probably you need to set the machine for show hidden/system files, for check that).
2 - restart the infected machine in safe mode, open file explorer, set all the folders for show hidden and system files, go FIRST in the cache folder (usually windows\system32\dllcache) and delete (if not present on the clean machine) or overwrite (if present on clean machine) the files that you had noted before - do it FIRST in this folder.
3 - do the same thing in the system32 (or in any other directory where ComboFix said you that the files was).
restart and re-launch ComboFix and check if it say you again that there are others rootkit hooks ..... if yes, left it try to clean them on the restart, then restart again (yes, 2 times) and re-launch again ComboFix ..... if also the this time it detect the rootkit hooks, then the virus is one of the new ones that cannot be deleted, cause write its own code inside some of the system files ..... in this case, i'm sad to say, the only way for eliminate it, is to reformat all the hard disk (complete format, not quuick format), and reinstall the OS (and if you have more than one disk connected, you need to disconnect all them, then reformat and reinstall the OS, then install a good antivirus, update it, and only at this point reconnect the other disks, one by one, making a full scan of each one).
If instead the last time ComboFix say you that the system is cleaned, install and run immediately the VirIt or the MalwareBytes tools (or both, one at a time), doing a full scan also with them (cause, sometimes, these virus are not just virus, but also "virus droppers" or "trojan droppers", and self-downloads other viruses and trojans from different sites, and a single module cannot take care of all the threats.
I know that this is a long operation, but with those new types of viruses, it's the only one that give some hopes.
EDIT: i forgot to say, sometimes they prevent you also to run ComboFix, then you need to do it in safe mode.
