Virus on Network

Posted on 2005-05-12
Last Modified: 2010-03-18
I have a virus (spyware) on the network (with the process name windowsp.exe). I notice that this one comes with a package of different spyware and adware like powerscan, optimize, canada.exe and so on. All the other threats in the package can vary, except windowsp.

I stress windowsp here for three reasons: there is no info about this one; the PC with "windowsp" tries to log on to the Windows domain with a fixed user name and caught user name along with a predefined (fixed) password (not a dictionary, more like a brute-force attack); nothing can identify windowsp as a dirty process or windowsp.exe as a suspicious threat.

Manual removal is possible, but on half of the infected computers this threat comes back in the previously mentioned package.

Asking some users to change their passwords does not work.

Removing default sharing does not help.

Most of the time the original source file is called P.exe (or occasionally I.exe), located in the root of drive C:

Changing the IP on the workstation does not work.

The time for the threat to work is pre-set, or it is when you power on the machine.

It disables Norton real-time protection and definition updates (not 100%).

Had a failed experience with Windows Update (the update was done but the threat came back at the same time).

No obvious remote session has caught my attention.

On a previously infected PC, it can come back without you opening IE.

There are a lot of other things I see here, like the open ports, etc.

Thanks for your comments.
Question by:igmp
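The logon behaviour described in the question (one workstation trying several account names against the domain in quick succession) can be spotted from the domain controller side. The following is an added example, not part of the original posts: it assumes failed-logon records have been exported to a CSV of `timestamp,workstation,username`, and the column layout, host names, account names and the function `suspect_workstations` are all hypothetical.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (hypothetical hosts and accounts): timestamp,workstation,username
SAMPLE_LOG = """\
2005-05-12T08:00:01,WS-014,administrator
2005-05-12T08:00:03,WS-014,admin
2005-05-12T08:00:05,WS-014,jsmith
2005-05-12T08:00:07,WS-014,mlee
2005-05-12T08:00:09,WS-014,guest
2005-05-12T08:10:00,WS-022,jdoe
2005-05-12T08:10:20,WS-022,jdoe
2005-05-12T08:10:45,WS-022,jdoe
2005-05-12T09:00:00,WS-031,alice
2005-05-12T11:00:00,WS-031,bob
2005-05-12T13:00:00,WS-031,carol
2005-05-12T15:00:00,WS-031,dave
"""

def suspect_workstations(log_text, min_users=4, window=timedelta(minutes=5)):
    """Map each workstation that failed logons for >= min_users distinct
    accounts inside one sliding window to the sorted accounts it tried."""
    by_host = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:          # skip blank or malformed lines
            continue
        ts, host, user = (field.strip() for field in row)
        by_host[host.upper()].append((datetime.fromisoformat(ts), user.lower()))
    flagged = defaultdict(set)
    for host, events in by_host.items():
        events.sort()
        start = 0
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:
                start += 1         # drop events older than the window
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[host] |= users
    return {host: sorted(users) for host, users in flagged.items()}

if __name__ == "__main__":
    for host, users in suspect_workstations(SAMPLE_LOG).items():
        print(f"{host}: failed logons for {len(users)} accounts: {', '.join(users)}")
```

A single user mistyping a password (WS-022) and a shared machine with failures spread over hours (WS-031) stay below the threshold; only the host cycling through accounts within seconds is reported.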

    Accepted Solution


    I would suggest that you purge the Java cache and resize (if not disable caching of Java applets) the space allocated for the Java cache (from the Java Control Panel applet).
    On Windows XP computers, disable System Restore.
    Also run a hard-disk cleaner (  
    Then run an excellent on-line antivirus scanner from capable of scanning and disinfecting even networked computers and mounted volumes, shared folders and partitions currently available on your LAN.
    On infected computers, enable sharing of entire hard disks ( c:\ ) and then scan them from remote systems on the network.

    Good luck
