removing malware and trojan

Posted on 2010-09-06
Medium Priority
Last Modified: 2013-11-22
Okay, I am a bit confused as to what my next step should be.  I am a network administrator/network security person for my company.  We have three servers, DC01, DC02 and EX01.  We use Windows 2003 for our servers, XP for workstations and Exchange 2003 for exchange services.  Last week we had someone do a baseline config on the HDD (servers).  When they returned and we put back online we noticed some issues.  When you double click to open the shared drive (on DC02) we get a DOS window that says at the top left PjSiEq.eXe.  I looked this up and noted it to be malware.  So, I ran malwarebytes on each server and workstation.  On the workstations I get "hijack.connectioncontrol" and on the server (DC02) I found a trojan (trojan.vundo) in the shared drive.  I quarantined both things but am having the same issue.  how do I return my system back to normal?

I ran my Norton and found nothing on servers or workstations.  I ran the Malwarebytes again and now find nothing on servers but still have the "hijack.connectioncontrol" on the workstations.  My users need the share drive.  Any assistance will be greatly appreciated.

This is a difficult one.
Question by:lpetrowicz

Expert Comment

ID: 33613735
you could download the Avira rescue boot CD and run on the workstations, choosing the rename options on threats found.

LVL 65

Expert Comment

ID: 33613767
have u tried running mb in safe mode?
LVL 65

Expert Comment

ID: 33613772
ha, wait a mo. I checked mb forums and it seems it might be a false positive. Something to do with group policy.
See this http://forums.malwarebytes.org/index.php?showtopic=45986
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!


Expert Comment

ID: 33613790
check the registry key

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\ConnectionsTab (Hijack.ConnectionControl) -> Bad: (1) Good:

malwarebytes belives this to be a false positive
LVL 65

Expert Comment

ID: 33613828
mb has reported it to be a false positive so maybe you could try running another spyware checker and see what that produces. There is no harm in having two, Maybe run hijack this as well

Author Comment

ID: 33614013
I have read that and that only solves the minor workstation thing.  What about the bigger problem; when I click on my share drive and a DOS window opens reading PJSIEQ.EXE?  How do I indentify what the cause of this is if I have already run Antivirus and Malwarebytes?
LVL 22

Expert Comment

ID: 33614086
LVL 65

Expert Comment

ID: 33614161
you have tried running full scan in safe mode right?
as I said before, it might be worth trying out another spyware like superantispyware (has a free version). one of their pages also mentions PJSIEQ.EXE. http://www.superantispyware.com/malwaredailyfiles/2010-03-01.html
LVL 30

Accepted Solution

Sudeep Sharma earned 2000 total points
ID: 33615863

If the exe PJSIEQ.EXE is in your user profile and then probably your system is infected by virus named DunDun (W32/DunDun.a) (W32.SillyFDC).

Click on Start --> Run --> Type %UserProfile% and click ok. A window would open and you would see exe named PJSIEQ.EXE there (make sure that you select Show Hidden and System File in Explorer Folder Option)

More details:


Author Closing Comment

ID: 33651343
we did find a W32.Silly in one of our profiles.  Thanks.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
If you are like me and like multiple layers of protection, read on!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question