Okay, I am a bit confused as to what my next step should be. I am a network administrator/network security person for my company. We have three servers, DC01, DC02 and EX01. We use Windows 2003 for our servers, XP for workstations and Exchange 2003 for exchange services. Last week we had someone do a baseline config on the HDD (servers). When they returned and we put back online we noticed some issues. When you double click to open the shared drive (on DC02) we get a DOS window that says at the top left PjSiEq.eXe. I looked this up and noted it to be malware. So, I ran malwarebytes on each server and workstation. On the workstations I get "hijack.connectioncontrol" and on the server (DC02) I found a trojan (trojan.vundo) in the shared drive. I quarantined both things but am having the same issue. how do I return my system back to normal?
I ran my Norton and found nothing on servers or workstations. I ran the Malwarebytes again and now find nothing on servers but still have the "hijack.connectioncontrol" on the workstations. My users need the share drive. Any assistance will be greatly appreciated.
This is a difficult one.