How to effectively remove Malware in Win2K

Hi, we've been attacked by malware (I think); everytime I think I found where it lives; it's back again.
registry hacks to HKLM\SOFTWARE\MICROSOFT\WINDOWS\Currentversion\Run don't to work because
they get reloaded. Some of the files installed by this attack are:

mt.exe (redirects browser to porn site)
winupd.exe
svchosts.exe

these files are randomly seeded throught the OS

on the root of c:\ it sometimes adds:
Java.exe
bar.exe
bars.exe

on network servers; administrative shares get removed

I think these symptoms may also apply to W32.spybot.worm.

PLEASE HELP! :)

thanks,
NT
NTucciAsked:
Who is Participating?
 
MicrotechConnect With a Mentor Commented:
thanks... not on the decaff today
0
 
MicrotechCommented:
Hi NTucci,

experts have put a pge together just for this solution at http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

Hope This helps
0
 
LucFEMEA Server EngineerCommented:
Hi NTucci,

You can find a list of tools here:
http://www.experts-exchange.com/Q_20975384.html

I suggest you to run at least Ad-aware fully updated on the troubling computers.
And run stinger from http://vil.nai.com/vil/stinger/ to get rid of the spybot worm.

Make sure that you do both in safe mode and without any connection to the network to prevent the system from infecting others.

If that doesn't help, get yourself hijackthis and post the logfile it creates here so we can take a look at it.

Greetings,

LucF
0
 
LucFEMEA Server EngineerCommented:
nice timing Microtech :)
0
All Courses

From novice to tech pro — start learning today.