Solved

Virus

Posted on 2011-03-01
Medium Priority
501 Views
Last Modified: 2013-12-09
We had a few computers infected with PWDump.

We have Symantec Endpoint Protection, which could disinfect them.
Is it a virus outbreak?
Capture.GIF

Question by: pdsmicro

9 Comments
LVL 4
Accepted Solution by: RobertParten (earned 860 total points)
ID: 35008011
Are you stating that Symantec is NOT able to clean the viral infection?

Windows 7 or XP?

Use Malwarebytes if you have Windows 7 and COMBOFIX if you have Windows XP.

Have you tried clearing out all Temporary Internet files?

Use this program to clean up your systems first:
http://www.stevengould.org/index.php?option=com_content&task=view&id=15&Itemid=69

Assisted Solution by: pdsmicro (earned 0 total points)
ID: 35008179
Windows Vista and XP.

I see the user name is not the same as the actual user on that computer.
John is the computer logon ID, but I see user1 shows up?

LVL 4
Assisted Solution by: RobertParten (earned 860 total points)
ID: 35008241
I would log off and log back in as an administrator to see if any new users were added.
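One way to check for added accounts, as RobertParten suggests, without relying on what the logon screen shows: this is an added example and not code from the thread. It assumes PowerShell 2.0 on Vista/7 (Get-WmiObject is available there); the baseline account names are constructed placeholders.

```powershell
# Added example, not from the thread: list the accounts that actually exist in the local
# SAM, flag any that are not in a baseline you trust, then show who holds local admin rights.
# Assumes PowerShell 2.0 on Vista/7; the baseline names below are constructed placeholders.

# Constructed baseline: the accounts you expect on this workstation. Adjust per machine.
$Expected = @('John', 'Administrator', 'Guest')

# LocalAccount=True restricts the query to the local SAM; domain accounts are excluded.
$local = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object Name, SID, Disabled, PasswordRequired, Lockout

$unexpected = @($local | Where-Object { $Expected -notcontains $_.Name })

"Local accounts on $($env:COMPUTERNAME):"
$local | Format-Table -AutoSize

if ($unexpected.Count -gt 0) {
    "Accounts NOT in the baseline (review these before cleaning):"
    $unexpected | Format-Table -AutoSize
} else {
    "No local accounts outside the baseline."
}

# Membership of the local Administrators group is what matters most for a dropped account.
"Members of the local Administrators group:"
net localgroup Administrators

# Profile folders record when an account first logged on interactively (folder creation
# time). Vista/7 keep them under \Users; XP uses \Documents and Settings.
foreach ($root in @("$env:SystemDrive\Users", "$env:SystemDrive\Documents and Settings")) {
    if (Test-Path $root) {
        "Profile folders under $root and their creation time:"
        Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer } |
            Select-Object Name, CreationTime | Format-Table -AutoSize
    }
}
```

Run it from an elevated prompt on each affected machine and compare the output against the names the users actually sign in with.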

LVL 5
Assisted Solution by: sweeps (earned 284 total points)
ID: 35008243
PwDump is usually used to extract passwords out of hash files. For either of the programs RobertParten is referring to, you will want to run them in Safe Mode on the computers. If the program is live (running) on the laptop, you will most likely not be able to delete any DLL file that is active, and most programs are not active in Safe Mode. Malwarebytes is great for virus removal. ComboFix is good, but you cannot run it on Windows 7, and it also can set proxy settings in Internet Explorer connections that it may not take out, so just remember to look there after the reboot if you can't get online.

LVL 4
Assisted Solution by: RobertParten (earned 860 total points)
ID: 35008256
Thanks sweeps, but I thought ComboFix had to be run in Normal Mode for it to work?

LVL 38
Assisted Solution by: younghv (earned 856 total points)
ID: 35008326
CF can definitely be used on Windows 7 and is definitely ONLY run in Normal Mode (unless the workstation will ONLY boot to Safe Mode):

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

LVL 38
Assisted Solution by: younghv (earned 856 total points)
ID: 35008488
pdsmicro,
CF has already been recommended above, so I am just posting the generic instructions that get used around here.

I am a little concerned that you may only be getting 'False Positives' with your alerts, which has been all too common with many anti-malware applications.

PWDump is a very old problem and Symantec should have been able to prevent any actual infection (unless there is a new variant just out).

Can you confirm that all of your systems are fully patched/updated from MS and that all of them have current Symantec DAT files?


****************************
Please download ComboFix by sUBs (and attach the resulting log): http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*** NOTE
Please post the logs generated for both Malwarebytes and ComboFix so that we can review the results.

LVL 38
Assisted Solution by: younghv (earned 856 total points)
ID: 35008537
@sweeps,
I see that you are a brand new Member posting here, so welcome.

Please double-check any information before you post any suggestions here.
If fighting malware is not something that you truly consider yourself an "Expert" at doing, you should focus on those Zones where you are.

We always welcome new Experts around here, but you will do better to focus on the Zones you know best.

Welcome!

Author Closing Comment by: pdsmicro
ID: 35045622
Thank you for the quick reply.