Process exhausting memory resources

karaka
We seem to have a trojan/worm of some sort which is chewing up all local resources on client PCs. The processes in question are "spools.exe", "at.exe", "sc.exe", to mention a few. This started happening today and is slowly but surely finding its mark on all PCs throughout our domain. Has anyone heard of anything doing the rounds and infecting mayhem? Can't find anything anywhere. Have the latest Sophos updates using Sophos Enterprise Protection v9.0.
It has no boundaries, infecting Windows XP SP3 clients, server w2k3,
Download and run ccleaner from http://www.ccleaner.com

Temporarily disable Sophos and run ComboFix which you can find here http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You'll need to have a look at the ComboFix docs which you can find here http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Commented:
Combofix will not work on Win2k3, nor higher versions of Windows than XP.

So in case it finds and disables the culprit, you will have to check through its logs for deleted items and registry keys, and then manually apply this to the 2k3 machines.
I'm not suggesting running CF on the server... more so on a client PC to try to isolate the cause of the problem. If you can isolate the cause, you can tackle it. Given that Sophos is not identifying the problem, ComboFix, even though it is not intended for use as a scanner, should be able to at least identify the problem and we can decide how to tackle it then.
Commented:
After some toing and froing we finally got a solution (virus signature update) from Sophos, which thankfully we rolled out to all clients immediately, and have started cleaning our network of this trojan (w32/mofksys-a). It has taken most of the day to implement but we see a light at the end of the tunnel. Not really happy with Sophos support as they were unaware of the trojan to start with, but glad we are on the recovery road. Thank you for your prompt support and advice but it wasn't needed this time. Regards
