Solved
Virus
Posted on 2011-03-01
482 Views
Last Modified: 2013-12-09

We had a few computers infected with PWDump.

We have Symantec Endpoint Protection, which could disinfect.
Is it a virus outbreak?

Attachment: Capture.GIF

Question by: pdsmicro

9 Comments
 
Accepted Solution by RobertParten (LVL 4), earned 215 total points. ID: 35008011
Are you stating that Symantec is NOT able to clean the viral infection?

Windows 7 or XP?

Use Malwarebytes if you have Windows 7 and ComboFix if you have Windows XP.

Have you tried clearing out all Temporary Internet files?

Use this program to clean up your systems first:
http://www.stevengould.org/index.php?option=com_content&task=view&id=15&Itemid=69

Assisted Solution by pdsmicro, earned 0 total points. ID: 35008179
Windows Vista and XP.

I see the user name is not the same as the actual user on that computer.
John is the computer logon ID, but I see user1 shows up?

Assisted Solution by RobertParten (LVL 4), earned 215 total points. ID: 35008241
I would log off and log back in as an administrator to see if any new users were added.
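Checking for accounts that should not be there, as an added example that is not part of the thread: the script below parses the output of `net user` (the command that lists local accounts on XP and Vista) and reports any account missing from an expected baseline, which is the check behind "see if any new users were added". The `net user` text, the computer name WORKSTATION and the baseline are constructed for illustration; on a real machine feed it the live output instead.

```python
"""Flag local accounts that are not in an expected baseline.

Added example, not code from the thread. The `net user` output and the
baseline below are constructed for illustration.
"""
import subprocess
from typing import List, Set

COL_WIDTH = 25  # `net user` prints account names in fixed 25-character columns


def live_net_user() -> str:
    """Run `net user` on the local Windows machine and return its text output."""
    return subprocess.run(["net", "user"], capture_output=True, text=True, check=True).stdout


def parse_net_user(output: str) -> List[str]:
    """Return the account names listed in `net user` output, in display order."""
    names: List[str] = []
    in_table = False
    for line in output.splitlines():
        if not in_table:
            in_table = line.startswith("----")  # the dashed rule precedes the table
            continue
        if line.startswith("The command completed"):
            break
        # Slice fixed-width columns rather than splitting on whitespace,
        # because account names may themselves contain spaces.
        for start in range(0, len(line), COL_WIDTH):
            name = line[start:start + COL_WIDTH].strip()
            if name:
                names.append(name)
    return names


def unexpected_accounts(found: List[str], baseline: Set[str]) -> List[str]:
    """Accounts on the machine that are absent from the baseline.

    Windows account names are case-insensitive, so compare lower-cased.
    """
    known = {b.lower() for b in baseline}
    return sorted(n for n in found if n.lower() not in known)


# Constructed sample of `net user` output for a hypothetical workstation.
SAMPLE_OUTPUT = "\n".join([
    "User accounts for \\\\WORKSTATION",
    "",
    "-" * 79,
    f"{'Administrator':<25}{'Guest':<25}John",
    "user1",
    "The command completed successfully.",
    "",
])

# Accounts expected on this machine (hypothetical baseline).
BASELINE = {"Administrator", "Guest", "John"}

if __name__ == "__main__":
    found = parse_net_user(SAMPLE_OUTPUT)  # on Windows: parse_net_user(live_net_user())
    for name in unexpected_accounts(found, BASELINE):
        print(f"unexpected local account: {name}")
```

Run against the live output of `net user` on each affected machine; anything the script lists (here `user1`) is an account that nobody in the baseline created and that deserves a look before the box is cleaned.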
 
Assisted Solution by sweeps (LVL 5), earned 71 total points. ID: 35008243
PwDump is usually used to extract passwords out of hash files. For either of the programs RobertParten is referring to, you will want to run them in Safe Mode on the computers. If the program is live (running) on the laptop you will most likely not be able to delete any DLL file that is active, and most programs are not active in Safe Mode. Malwarebytes is great for virus removal. ComboFix is good, but you cannot run it on Windows 7, and it also can set proxy settings in Internet Explorer connections that it may not take out, so just remember to look there after the reboot if you can't get online.
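What a pwdump-class tool actually produces, as an added example that is not part of the thread: it dumps the LM and NT password hashes of the local accounts from the SAM, one account per line in `user:RID:LMhash:NThash:::` form. The script below parses that format and flags what matters once such a dump is assumed stolen: accounts with a blank password, accounts sharing a password (identical NT hashes, since NT hashes are unsalted), and accounts whose weak LM hash is still stored. The dump lines are constructed; only the two empty-password hash constants are the real values.

```python
"""Triage a pwdump-format hash dump.

Added example, not code from the thread. The sample dump is constructed;
the two empty-password hash values are the well-known LM/NT constants.
"""
from dataclasses import dataclass
from typing import Dict, List

LM_EMPTY = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of the empty password
NT_EMPTY = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password


@dataclass
class Entry:
    user: str
    rid: int
    lm_hash: str
    nt_hash: str


def parse_pwdump(text: str) -> List[Entry]:
    """Parse `user:rid:lmhash:nthash:::` lines; blank lines and # comments are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            raise ValueError(f"malformed pwdump line: {line!r}")
        entries.append(Entry(parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()))
    return entries


def lm_hash_stored(lm_hash: str) -> bool:
    """True if a real LM hash is present (some dumpers print NO PASSWORD*** instead)."""
    lm = lm_hash.lower()
    return lm != LM_EMPTY and not lm.startswith("no password")


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each account name to its findings; an empty list means nothing flagged."""
    users_by_nt: Dict[str, List[str]] = {}
    for e in entries:
        users_by_nt.setdefault(e.nt_hash, []).append(e.user)

    report: Dict[str, List[str]] = {}
    for e in entries:
        issues: List[str] = []
        if e.nt_hash == NT_EMPTY:
            issues.append("blank password")
        elif len(users_by_nt[e.nt_hash]) > 1:
            # Identical NT hashes mean identical passwords (NT hashes are unsalted),
            # so one cracked or passed hash opens every account in the group.
            others = sorted(u for u in users_by_nt[e.nt_hash] if u != e.user)
            issues.append("same password as " + ", ".join(others))
        if lm_hash_stored(e.lm_hash):
            issues.append("LM hash stored")
        report[e.user] = issues
    return report


# Constructed sample dump; hash values other than the empty-password constants are made up.
SAMPLE_DUMP = """\
# user:rid:lmhash:nthash:::
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
John:1000:NO PASSWORD*********************:0123456789abcdef0123456789abcdef:::
user1:1001:00112233445566778899aabbccddeeff:0123456789abcdef0123456789abcdef:::
"""

if __name__ == "__main__":
    for user, issues in triage(parse_pwdump(SAMPLE_DUMP)).items():
        print(f"{user}: {', '.join(issues) or 'ok'}")
```

If a dump like this was taken from a machine, every account it flags should have its password changed, and a shared local Administrator password across the fleet means one dump is enough to log on everywhere with pass-the-hash, which is why a single pwdump detection is worth treating as more than a one-box cleanup.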
 
Assisted Solution by RobertParten (LVL 4), earned 215 total points. ID: 35008256
Thanks sweeps, but I thought ComboFix had to be run in Normal Mode for it to work?

Assisted Solution by younghv (LVL 38), earned 214 total points. ID: 35008326
CF can definitely be used on Windows 7 and is definitely ONLY run in Normal Mode (unless the workstation will ONLY boot to Safe Mode):

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Assisted Solution by younghv (LVL 38), earned 214 total points. ID: 35008488
pdsmicro,
CF has already been recommended above, so I am just posting the generic instructions that get used around here.

I am a little concerned that you may only be getting "false positives" with your alerts - which has been all too common with many anti-malware applications.

PWDump is a very old problem and Symantec should have been able to prevent any actual infection (unless there is a new variant just out).

Can you confirm that all of your systems are fully patched/updated from MS and that all of them have current Symantec DAT files?


****************************
Please download ComboFix by sUBs:(and attach the resulting log) http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and
Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*** NOTE
Please post the logs generated for both Malwarebytes and ComboFix so that we can review the results.

Assisted Solution by younghv (LVL 38), earned 214 total points. ID: 35008537
@sweeps,
I see that you are a brand new Member posting here, so welcome.

Please double-check any information before you post any suggestions here.
If fighting malware is not something that you truly consider yourself an "Expert" at doing, you should focus on those Zones where you are.

We always welcome new Experts around here, but you will do better to focus on the Zones you know best.

Welcome!

Author Closing Comment by pdsmicro. ID: 35045622
Thank you for the quick reply.