NCJUA
asked on
Terminal Servers with Roaming Profiles. Remove spyware and it comes back!
I am running 3 Windows 2003 servers using terminal servers. We also use roaming profiles. We do use the UPH Cleanup on the profiles. We have had servers infected with many spyware problems; we clean them. Users log back on and it infects it again. Anyone have a clue as to why it would keep re-creating this spyware?
ASKER
We purchased the viper software, but it was a dead end on the roaming profiles (so it seemed). I am using Spybot now - I will try and boot in safe mode and run. Thanks a bunch and will let you know how it turns out!
Also run Hitmanpro to see if it detects anything
http://www.surfright.nl/en/hitmanpro
Any name on the Malware?
Can you post scanner logfiles?
ASKER
Going to run it at lunch in safe mode and will post results. I just love yaw!
Run Hitmanpro in normal mode :)
ASKER
I ran Hitmanpro yesterday. It found nothing. The next morning when users logged back on, the SpySheriff appeared again.
I also deleted all roaming profiles.
ASKER CERTIFIED SOLUTION
ASKER
Here is the unknown. That program is top notch compared to Task Manager! Thanks!
untitled1.bmp
Yeah, way better!
Print screen got cut off. Can you post the entire output of Process Explorer? :)
ASKER
There were only a few showing "unable to verify" - from IBM that I think are OK, and a miniwinagent.exe. (I am scanning with Malwarebytes now.)
It looks OK now, but I did clean everything up this morning. I just wonder what will be there on Monday. At least with the tool you showed me, I can pinpoint much better! Thanks!
For miniwinagent.exe:
Double-click it in Process Explorer to find its path and upload it to VirusTotal.
Post results if found as bad.
http://www.virustotal.com/ :)
I'm uncertain as to what suites you are using for scanning. You might try Malwarebytes (it's free and reliable).
www.malwarebytes.org