Posted by on August 9, 2006, 5:42 am
Dear Messrs,
In our domain infrastructure we found, on some W2KPRO machines, the problem
mentioned in the subject.
After I logged on as domain administrator, and the proxy settings
had been removed, I ran Windows Update.
Then, after a reboot, the computer works very slowly and it seems that the
virtual memory doesn't work properly.
Every process in progress needs high memory consumption.
So please be informed that the following infections were found:
- in the "Documents and Settings" folder there is a strange user folder
- in that folder I found a new folder with the machine name, like "COMP$"
- in user management a strange user was set as administrator
- in the user rights assignment I found the strange user with particular
settings
- in c:\winnt\temp I found an .exe file, and Symantec Security Response
found a new virus
- after the antivirus update (Corporate Edition 10.0.2) this file is kept
in quarantine, but immediately a new .exe file was created.
- I found that this (or a new) file is called in
HKLM\software\microsoft\windows\currentversion\run.
- in c:\programmi\file comuni\system (or microsoft shared) I found one
or more .exe files that are encrypted by the strange user.
- I found a service that uses this .exe file and the strange user on the
logon tab
If someone has encountered similar problems and can help me, please
contact me a.s.a.p.
Thanks in advance for your cooperation.
Best regards