0

We're wondering has anyone seen this type of virus/worm before?
Our antivirus software (AVG-8) was not able to detect it.
It occurred on an XP pro-SP3 workstation, (on a LAN, with internet access).
The virus installs the following software, spontaneously:
MS SQL server 2004, SQL server native client, native support files, vss writer, SQL writer, MSXML 6 SP2, ms compression client pac 1 for xp, ms office 2003 web components, ms office small buisiness connectivity components, visual c++.
In the programs folder, there were 60+ copies of an sql directory, containing hotfix.exe, amounting to several GB!
Trying to delete those folders gave "access denied", until we went to the security tab of each folder, gave ourself rights, to delete it.
Then we manually uninstalled the bogus programs, and disabled suspicious looking processes. That seems to have fixed it, so far.
But while the affected hard drive was connected to another XP machine, (through a USB adapter), the virus jumped on the other PC and did the same thing! requiring the same manual process to delete it. We would appreciate any feedback or additional information on this.

4
Contributors
3
Replies
4
Views
8 Years
Discussion Span
Last Post by MidiMagic
0

Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then

click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily.
* Immediately Reboot the computer..

Then Download

Trend Micro HijackThis 2.0.2
Install it and click on 'Run a scan and save the logfile'.

Provide the logfile of MBAM and Hijackthis Here..

0

I thought something like this was happening, and found out that a website I access for my job was installing software on my computer without my permission. It was a player needed to use the website. This might be happening to you.

Have we gotten to the point where websites have the right to install programs on our computers without first asking for permission?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.