Anyone else come across this one? I have a client with it on the system and at this stage it only shows itself as a change to a bank login page (asks for full pin and password - otherwise a perfect copy of the original). I am told that the virus changes it's signatures through access to a server and has been known to kill itself. Kaspersky will stop it getting onto a system but is unable to remove it once present. The only other AV package supposed to be able to stop it is F-Secure. It also attaches itself to the MBR and again I am told that this cannot be cleared, even with a low level format so the recommendation is to replace the hard drive. This last came from the NatWest Bank who seem very worried but do not have any other solution. It has been around for about 18 months but is so good at hiding itself that there is no real idea of how many infected machines there are out there. Propagation by email attachments and websites. I was able to remove it from this system once using Hijackthis but the client revisited the website (a family history site we think) and promptly reinfected the machine. I have been instructed to replace the hard drive so that is what I will do. Anybody have anything to add to that lot?