cidrive32.exe worm

Hi,

Has anyone heard of this process/file? It appears to be a worm that has spread its way across my two home networked pcs (windows xp sp3 with all updates). I searched major geeks forums for the keyword but got no results :confused

I have of course tried the typical major geeks removal procedure to no avail as well (hence this post and cry for help).

I have not found much on it from google either (no removal tools or good anti-virus software that can eradicate it completely), other than a lame suggestion such as go to safe mode and delete the files and registry entries (tried and doesn't work as they just keep coming back).

Basically it typically shows up in my task manager processes every few hours as cidrive32.exe (a file with this name also appears in the c:/windows directory) and some other process named xxx.exe (where x is some number e.g. 920.exe). The xxx.exe files are located in c:/documents and settings/username/local settings/temp/

Also there are sometimes other files that appear such as ndll.exe in c:/windows and others(e.g. msvmcls64.exe) in the system32 folder. Most of these exe files also have a visual basic icon (rather than the typical cmd icon). And going into the properties of these exes the Product Name is Projekt1, and Product Version is 1.00.

There are also some registry and/or start up entries for these processes which I have tried deleting time and time again but they keep replicating, hence its a son-of-a-worm.

Now I'm not too concerned with the privacy/security of my data at this point (if the worm wanted to steal it over the internet its probably done so by now as I've had it for about 4 days), so I am not contemplating a reformat/reinstall of the entire pc (way too many large files on here which I have no way to backup if I were to reformat).

Noticeable results of the worm in operation include slowing down of the pc and blocking of my internet (e.g. I cannot go to any website or click any link on open websites, but when I terminate the two processes - cidrive32.exe and xxx.exe, my internet browsing will typically be restored). Everything else is fine as far as I can tell, I can still do everything I typically do on the pc. Also it seems like the more you try to delete the files the faster they replicate and come back


So just to remind people, I am more interested in finding a solution to a complete removal of this worm (and so that others who may become affected can come across this solution) rather than just having a worm-free pc via a reformat/reinstall solution (not possible for me).

Any and all help from the hard-working volunteers/experts is appreciated.