Hi Folks, got an issue with our file server - some office files have been replaced by a shortcut with target pointing to the following
C:\WINDOWS\system32\cmd.exe /C start cmd.exe /C if exist \thumbs.dbh start \thumbs.dbh && start "" excel.exe "name of file"
Have run Mbytes and windows scan as well as onboard AV scan. Running unhide.exe reveals the files again but virus kicks in a shortwhile later and files are hidden again. If I recover from backup files are ok for a while then problem reoccurs.
Any help appreciated.