Tim Prawdzik (United States of America) asked on

A very BIG Virus Problem.

Working with a company that has 15 terminals.  Almost all of them have gotten a program installed that shows no name, but immediately after, a few Office updates are removed from the system.  To date, ESET NOD32 Version 4 has not been able to detect this - even with a bootable CD.  AVG has not found it either.  Malwarebytes Anti-Malware does not find it, and it gets Error 732 when trying to update.

This is a big problem, as it sure seems like a virus, but I have yet to be able to identify or kill it with confidence.  It seems to make browsing the net this side of impossible - after 2 or 3 searches, the user must reboot.  And it slows the computer.


[Attachment: LogPic.jpg]

ASKER CERTIFIED SOLUTION
Steve Smith (United Kingdom of Great Britain and Northern Ireland)
This solution is only available to members.

Jonvee:

Try running tdsskiller to see if it finds and removes the infection:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Download the file TDSSKiller.zip and extract it into a folder
Execute the file TDSSKiller.exe.
Wait for the scan and disinfection process to be over.
Close all programs and press “Y” key to restart your computer.

More detailed TDSSKiller tutorial:
http://support.kaspersky.com/viruses/solutions?qid=208280684
Do you know the process name / hash?
I would try uploading the file to prevx.com or virustotal.com in order to clarify disinfection methods.

Also - if you can get your hands on McAfee's GetSusp.
If unsuccessful, try Hitman Pro 3, a Second Opinion Malware Scanner.  It's often quite successful:
http://www.surfright.nl/en/hitmanpro

If still unresolved, I suggest running ComboFix.
Download ComboFix and save it to your Desktop, from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running.
Also it may be necessary to rename ComboFix.exe (to Combo-Fix.exe for example), before saving it to your desktop.  If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick or CD.  Rename it and carry to the infected machine.

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log here please.
In case of unfamiliarity, please do not mouseclick Combofix's window while it is running because it may stall.  It is absolutely normal for you to see a blue screen with flashing cursor, and this can last for up to 25 mins.
ComboFix must be run in normal mode.
If (or when) you run Malwarebytes again, try the following if you're still getting error 732 >>

Control panel > internet options > connections tab > "LAN settings" button,
then uncheck the box "use a proxy server", and instead check box "automatically detect settings."  
Apply, and OK your way out... now try updating Malwarebytes.
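The proxy check and reset described above can be scripted so it can be run on all 15 terminals; this is an added example and not code from any post in the thread. It reads the per-user WinINet registry values that the "LAN settings" dialog edits; the flag-byte layout of DefaultConnectionSettings is an assumption noted in the comments.

```powershell
# Added example: audit the current user's IE/WinINet proxy settings and, if a
# manual proxy or PAC URL is present, restore "no proxy, auto-detect on".
# Assumption: byte 8 of DefaultConnectionSettings is a flag byte where
# 0x01 = direct, 0x02 = manual proxy, 0x04 = auto-config script, 0x08 = auto-detect,
# and bytes 4-7 hold a change counter that should be bumped on each edit.
$Inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Conn = "$Inet\Connections"

function Get-WinInetProxyState {
    $p = Get-ItemProperty -Path $Inet -ErrorAction SilentlyContinue
    $c = Get-ItemProperty -Path $Conn -ErrorAction SilentlyContinue
    $flags = 0
    if ($c -and $c.DefaultConnectionSettings -and $c.DefaultConnectionSettings.Length -gt 8) {
        $flags = $c.DefaultConnectionSettings[8]
    }
    # New-Object PSObject keeps this usable on PowerShell 2.0 (XP-era machines).
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        AutoDetect    = [bool]($flags -band 0x08)
        ManualProxy   = [bool]($flags -band 0x02)
        # A proxy or PAC URL nobody configured is a common reason the browser
        # and updaters (Malwarebytes error 732 here) suddenly cannot reach the net.
        Suspicious    = ([int]$p.ProxyEnable -eq 1) -or [bool]$p.AutoConfigURL
    }
}

function Reset-WinInetProxyToAutoDetect {
    # Equivalent of: uncheck "use a proxy server", check "automatically detect settings".
    Set-ItemProperty -Path $Inet -Name ProxyEnable -Value 0 -Type DWord
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $Inet -Name $name -ErrorAction SilentlyContinue
    }
    $c = Get-ItemProperty -Path $Conn -ErrorAction SilentlyContinue
    if ($c -and $c.DefaultConnectionSettings -and $c.DefaultConnectionSettings.Length -gt 8) {
        $bytes = [byte[]]$c.DefaultConnectionSettings
        $bytes[4] = [byte](($bytes[4] + 1) -band 0xFF)   # bump change counter (low byte)
        $bytes[8] = 0x09                                 # direct + auto-detect, no proxy/PAC
        Set-ItemProperty -Path $Conn -Name DefaultConnectionSettings -Value $bytes -Type Binary
    }
}

$before = Get-WinInetProxyState
$before | Format-List
if ($before.Suspicious) {
    Write-Host 'Unexpected proxy or PAC URL configured; resetting to auto-detect.'
    Reset-WinInetProxyToAutoDetect
    Get-WinInetProxyState | Format-List
}
```

Run it as the affected user, since these values live under HKCU; record the "before" output, because an unexpected ProxyServer or AutoConfigURL value is itself an indicator worth keeping.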
Try running SUPERAntiSpyware Portable.
You can download it at http://superantispyware.com/portablescanner.html

I would also suggest using RKill to terminate any malware processes that are running.
You can download it at http://www.bleepingcomputer.com/forums/topic308364.html

Another thing not mentioned that I have had good luck using is the GMER rootkit detector. You can get it at http://www.gmer.net/

@go2dave ... RKill is certainly an excellent package, although the GMER rootkit detector you'll find is contained within ComboFix and is usually listed near the end of the final ComboFix logfile, like this:
W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
SOLUTION
This solution is only available to members.

Tim Prawdzik (ASKER):

Thanks for the help!
I dropped to safe mode and could delete the Windows\Temp areas, user Temp areas, and the Internet Explorer cache, and that appears to have gotten rid of it.

I say appears, because I could never identify it, and all the utilities listed did not seem to find anything.  Kinda scary, but once I cleared the temp areas - IN SAFE MODE - the machines all run normally again.

I will try to split the points.