
strange virus/worm - hard to remove

We're wondering whether anyone has seen this type of virus/worm before.
Our antivirus software (AVG-8) was not able to detect it.
It occurred on an XP Pro SP3 workstation (on a LAN, with internet access).
The virus installs the following software, spontaneously:
MS SQL server 2004, SQL server native client, native support files, vss writer, SQL writer, MSXML 6 SP2, ms compression client pack 1 for xp, ms office 2003 web components, ms office small business connectivity components, visual c++.
In the programs folder, there were 60+ copies of an sql directory, containing hotfix.exe, amounting to several GB!
Trying to delete those folders gave "access denied", until we went to the security tab of each folder and gave ourselves rights to delete it.
Then we manually uninstalled the bogus programs, and disabled suspicious looking processes. That seems to have fixed it, so far.
But while the affected hard drive was connected to another XP machine (through a USB adapter), the virus jumped on the other PC and did the same thing, requiring the same manual process to delete it. We would appreciate any feedback or additional information on this.

Davepl
FlamingClaw

Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily.
* Immediately reboot the computer.

Then download Trend Micro HijackThis 2.0.2.
Install it and click on 'Run a scan and save the logfile'.

Provide the logfiles of MBAM and HijackThis here.

Godsp3ed

I thought something like this was happening, and found out that a website I access for my job was installing software on my computer without my permission. It was a player needed to use the website. This might be happening to you.

Have we gotten to the point where websites have the right to install programs on our computers without first asking for permission?

MidiMagic
