Solved

Virus

Posted on 2011-03-01
9
494 Views
Last Modified: 2013-12-09
we had few computers infected with  PWDdump

we have symantec End Point Protections which could disintected.
is it virus outbreak?

Capture.GIF
Capture.GIF
0
Comment
Question by:pdsmicro
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 4

Accepted Solution

by:
RobertParten earned 215 total points
ID: 35008011
Are you stating that Symantec is NOT able to clean the viral infection?

Windows 7 or XP?

Use Malware bytes if you have Windows 7 and COMBOFIX if you have Windows XP

Have you tried clearing out all Temporary Internet files?

Use this program to clean up your systems first:
http://www.stevengould.org/index.php?option=com_content&task=view&id=15&Itemid=69
0
 

Assisted Solution

by:pdsmicro
pdsmicro earned 0 total points
ID: 35008179
windows visa and XPs.

i see the user name is not same as the aactual user on that computer.
John is the computer log on id, but i see user1 shows up?
0
 
LVL 4

Assisted Solution

by:RobertParten
RobertParten earned 215 total points
ID: 35008241
I would log off and log back in as an administrator to see if any new users were added.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 5

Assisted Solution

by:sweeps
sweeps earned 71 total points
ID: 35008243
PwDump is usually used to extract passwords out of hash files.  For either of the programs RobertParten is refering to, you will want to run them in Safe mode on the computers.  If the program is live (running) on the laptop you will most likely not be able to delete any Dll file that is active and most programs are not active in safe mode.  Malware is great for virus removal.  ComboFix ix good but you cannot run it on windows 7 and it also can set proxy settings in internet explorer connections that it may not take out so just remember to look there after the reboot if you cant get online.
0
 
LVL 4

Assisted Solution

by:RobertParten
RobertParten earned 215 total points
ID: 35008256
Thanks sweeps, but I thought Combofix had to eb run in normal mode for it to work?
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 214 total points
ID: 35008326
CF can definitely be used on Windows 7 and is definitely ONLY run in Normal Mode (unless the workstation will ONLY boot to Safe Mode):

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 214 total points
ID: 35008488
pdsmicro,
CF has already been recommended above, so I am just posting the generic instructions that get used around here.

I am a little concerned that you may only be getting 'False Positives" with your alerts - which has been all too common with many anti-malware applications.

PWDump is a very old problem and Symantec should have been able to prevent any actual infection (unless there is a new variant just out).

Can you confirm that all of your systems are fully patched/updated from MS and that all of them have current Symantec DAT files?


****************************
Please download ComboFix by sUBs:(and attach the resulting log) http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and
Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*** NOTE
Please post the logs generated for both Malwarebytes and ComboFix so that we can review the results.
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 214 total points
ID: 35008537
@sweeps,
I see that you are a brand new Member posting here, so welcome.

Please double-check any information before you post any suggestions here.
If fighting malware is not something that you truly consider yourself an "Expert" at doing, you should focus on those Zones where you are.

We always welcome new Experts around here, but you will do better to focus on the Zones you know best.

Welcome!
0
 

Author Closing Comment

by:pdsmicro
ID: 35045622
Thank you for the quick reply.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question