Hi, we've been attacked by malware (I think); everytime I think I found where it lives; it's back again.
registry hacks to HKLM\SOFTWARE\MICROSOFT\WINDOWS\Currentversion\Run don't to work because
they get reloaded. Some of the files installed by this attack are:
mt.exe (redirects browser to porn site)
these files are randomly seeded throught the OS
on the root of c:\ it sometimes adds:
on network servers; administrative shares get removed
I think these symptoms may also apply to W32.spybot.worm.
PLEASE HELP! :)