Virus

Posted on 2011-03-01
Last Modified: 2013-12-09
We had a few computers infected with PWDump.

We have Symantec Endpoint Protection, which could disinfect it.
Is it a virus outbreak?

Question by:pdsmicro
9 Comments
 
LVL 4

Accepted Solution

by:
RobertParten earned 860 total points
ID: 35008011
Are you stating that Symantec is NOT able to clean the viral infection?

Windows 7 or XP?

Use Malwarebytes if you have Windows 7 and COMBOFIX if you have Windows XP

Have you tried clearing out all Temporary Internet files?

Use this program to clean up your systems first:
http://www.stevengould.org/index.php?option=com_content&task=view&id=15&Itemid=69
0
 

Assisted Solution

by:pdsmicro
pdsmicro earned 0 total points
ID: 35008179
Windows Vista and XP.

I see the user name is not the same as the actual user on that computer.
John is the computer logon ID, but I see user1 shows up?
0
 
LVL 4

Assisted Solution

by:RobertParten
RobertParten earned 860 total points
ID: 35008241
I would log off and log back in as an administrator to see if any new users were added.
0
 
LVL 5

Assisted Solution

by:sweeps
sweeps earned 284 total points
ID: 35008243
PwDump is usually used to extract passwords out of hash files.  For either of the programs RobertParten is referring to, you will want to run them in Safe Mode on the computers.  If the program is live (running) on the laptop you will most likely not be able to delete any DLL file that is active, and most programs are not active in Safe Mode.  Malwarebytes is great for virus removal.  ComboFix is good, but you cannot run it on Windows 7, and it also can set proxy settings in Internet Explorer connections that it may not take out, so just remember to look there after the reboot if you can't get online.
0
 
LVL 4

Assisted Solution

by:RobertParten
RobertParten earned 860 total points
ID: 35008256
Thanks sweeps, but I thought ComboFix had to be run in Normal Mode for it to work?
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 856 total points
ID: 35008326
CF can definitely be used on Windows 7 and is definitely ONLY run in Normal Mode (unless the workstation will ONLY boot to Safe Mode):

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 856 total points
ID: 35008488
pdsmicro,
CF has already been recommended above, so I am just posting the generic instructions that get used around here.

I am a little concerned that you may only be getting 'False Positives' with your alerts - which has been all too common with many anti-malware applications.

PWDump is a very old problem and Symantec should have been able to prevent any actual infection (unless there is a new variant just out).

Can you confirm that all of your systems are fully patched/updated from MS and that all of them have current Symantec DAT files?


****************************
Please download ComboFix by sUBs (and attach the resulting log): http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*** NOTE
Please post the logs generated for both Malwarebytes and ComboFix so that we can review the results.
0
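younghv's false-positive concern and the asker's "user1 shows up" observation both come down to one triage question: is the same threat name being hit once on one box, or repeatedly and on several boxes? The script below is an added example (not from anyone in this thread) that answers that from an alert export; the comma-separated log format, hostnames and user names are constructed for illustration and are not Symantec Endpoint Protection's real export format.

```python
"""Triage anti-malware alerts: one-off / false positive, or spreading?
Added example; the log format below is a constructed, simplified one,
not Symantec Endpoint Protection's real export."""
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts: timestamp, host, logged-on user, threat, action
SAMPLE_LOG = """\
2011-03-01 08:02:11,WS-ACCT01,john,PWDump,Quarantined
2011-03-01 08:05:40,WS-ACCT01,user1,PWDump,Quarantined
2011-03-01 08:07:02,WS-SALES03,user1,PWDump,Quarantined
2011-03-01 09:15:59,WS-ACCT01,john,PWDump,Left alone
2011-03-01 10:30:00,WS-RECEP02,mary,Tracking Cookie,Deleted
"""

def parse_alerts(text):
    """Parse comma-separated alert lines into dicts; skip blank/malformed lines."""
    alerts = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue
        ts, host, user, threat, action = parts
        alerts.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       "host": host, "user": user, "threat": threat, "action": action})
    return alerts

def triage(alerts, threat):
    """Summarise one threat name: which hosts hit it, which hosts hit it more
    than once, where the product did not remediate, and which accounts were
    logged on (an account nobody recognises is worth checking, as in the question)."""
    hosts = defaultdict(list)
    for a in alerts:
        if a["threat"] == threat:
            hosts[a["host"]].append(a)
    repeat_hosts = sorted(h for h, hits in hosts.items() if len(hits) > 1)
    unremediated = sorted({a["host"] for hits in hosts.values() for a in hits
                           if a["action"] not in ("Quarantined", "Deleted")})
    users = sorted({a["user"] for hits in hosts.values() for a in hits})
    # Heuristic: the same threat on several hosts, or repeat hits after a clean,
    # points to something live rather than a false positive on one file.
    verdict = "possible outbreak" if len(hosts) > 1 or repeat_hosts else "isolated"
    return {"hosts": sorted(hosts), "repeat_hosts": repeat_hosts,
            "unremediated": unremediated, "users": users, "verdict": verdict}

if __name__ == "__main__":
    print(triage(parse_alerts(SAMPLE_LOG), "PWDump"))
```

A "Left alone" action on a host that was already cleaned once is the case to follow up first, since the product saw the file again and did nothing.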
 
LVL 38

Assisted Solution

by:younghv
younghv earned 856 total points
ID: 35008537
@sweeps,
I see that you are a brand new Member posting here, so welcome.

Please double-check any information before you post any suggestions here.
If fighting malware is not something that you truly consider yourself an "Expert" at doing, you should focus on those Zones where you are.

We always welcome new Experts around here, but you will do better to focus on the Zones you know best.

Welcome!
0
 

Author Closing Comment

by:pdsmicro
ID: 35045622
Thank you for the quick reply.
0
