This virus (they call it a trojan - I have no idea why) was reported in 2005. Microsoft *fixed* the security hole in 2003 (according to Symantec).
As usual, this parasite has many names - W32.Licum (Symantec), W32/Gael.worm.a (McAfee), Virus.Win32.Tenga.a (Kaspersky).
The infected system was running a version of Trend Micro that was supposed to find this - and to some extent, it did - but not until over 400 exe files had been modified. At that point, the "anti-virus" software started quarantining the infected files. That is totally worthless. How about protecting the system?
The "risk" for this virus is classified as low.
Removal: Easy
Damage Level: Low
Some may continue to work ... however, many don't. For instance, the system will no longer install new programs, System Restore is disabled, and the event log won't display anything even though the files exist.
You can identify infected files by searching (using Agent Ransack) for the following:
utenti.lycos.it
Any exe file containing that string is infected.
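The same search as a script, for machines where a search tool cannot be installed. This is an added example, not part of the original page; it looks only for the marker string given above, and the UTF-16LE variant and the function names are assumptions.

```python
import os
import tempfile

MARKER = "utenti.lycos.it"  # the string this page says to search for
# Assumption: also match a UTF-16LE copy, in case the string is stored wide.
PATTERNS = (MARKER.encode("ascii"), MARKER.encode("utf-16-le"))

def file_has_marker(path, chunk=1 << 20):
    """Stream the file; keep an overlap so a marker split across two reads is found."""
    overlap = max(len(p) for p in PATTERNS) - 1
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return False
            window = tail + block
            if any(p in window for p in PATTERNS):
                return True
            tail = window[-overlap:]

def scan_tree(root):
    """Return (hits, unreadable): .exe files with the marker, and files that could not be read."""
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            try:
                if file_has_marker(path):
                    hits.append(path)
            except OSError:
                unreadable.append(path)  # locked or denied: unknown, not clean
    return sorted(hits), sorted(unreadable)

def demo():
    """Constructed sample files (harmless bytes, not real executables)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "clean.exe": b"MZ" + b"\x00" * 64,
            "tagged.exe": b"MZ" + b"\x90" * 40 + MARKER.encode("ascii"),
            "notes.txt": MARKER.encode("ascii"),  # not an .exe, so ignored
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        hits, unreadable = scan_tree(root)
        return [os.path.basename(p) for p in hits], unreadable

if __name__ == "__main__":
    print(demo())
```

Files listed as unreadable are usually in use by Windows; scan them from another boot environment or with the drive attached to a clean machine before treating them as clean.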
It is curious that many Windows functions won't work even though none of the obviously infected files are located in the Windows directory. Normally, that would imply a secondary infection, but reviewing the data indicates that Licum appeared on the system at the same time symptoms appeared.
The Error Message
Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
I created this page specifically because searching for this message found nothing related to the virus - all I could find was about some dvd problem.
Here is a possible fix
Notes on the Infection
Based on file dates, initially only one file on the main system was infected. Two days later, 2 more files were infected. Two days later, 430 files were infected within about a 30 minute window.
Two days later, 2 more computers on the same network were infected.
In each case, the computer lost the ability to install new software.
I always advise people to use a router to connect to the internet ... but that was not a simple option in this case. In order to do that, one computer would have to be dedicated as the modem connection and a router would have to go on its output - thus this configuration would have become a $600 router.
And besides, he had the Microsoft firewall enabled and he was running antivirus software. (Maybe that's why they call it a trojan - the software only detects viruses.)
Several of the pages linked to above give the addresses of the exe files downloaded by this virus and indicate that those files are no longer available. I have verified that myself - the 3 exe files related to this virus are no longer at the site encoded in the infected exe's. Apparently, those files are used only when spreading the virus via a web page - obviously other methods are still being used.
Paying for professional protection will not protect you.
At least removal is easy - just erase the hard drive and start over.