Greetings from the Swamps of Sunny Central Florida,
I have a customer's computer that appears to have been attacked by some sort of bot or at least something similar.
Usually I am pretty good at finding these types of things, but this one has me stumped. I have used Hijackthis, AVG 8, Defender, SpyBot and AdAware plus manually scrubbing the Registry in all Software sections to remove anything suspitious or anything not removed completely by its uninstall program.
The customer had Norton 360 as his main security program, but it was trashed and wouldn't even run a complete scan without quiting on "unknown errors", which was why it now has AVG free and the others installed. It wouldn't even uninstall itself correctly and I had to manually remove the left-overs in Windows Explorer after doing a manual removal of anything "Norton" or "Symantic" in the Registry.
OS is XPHome w/SP3 and all further updates.
From time to time, it will seem that I have actually found it and its activity will go back to normal (network icon in System Tray showing no activity),then 15 or 20 minutes it starts up again and is pushing out so much that none of the other systems on my network have any bandwidth left.
Task Manager doesn't show anything that I can shut off that stops the activity, Process Explorer doesn't show anything running that looks at all suspitous.
Obviously I'm missing something . . . any body have any ideas???
Swampster
I have a customer's computer that appears to have been attacked by some sort of bot or at least something similar.
Usually I am pretty good at finding these types of things, but this one has me stumped. I have used Hijackthis, AVG 8, Defender, SpyBot and AdAware plus manually scrubbing the Registry in all Software sections to remove anything suspitious or anything not removed completely by its uninstall program.
The customer had Norton 360 as his main security program, but it was trashed and wouldn't even run a complete scan without quiting on "unknown errors", which was why it now has AVG free and the others installed. It wouldn't even uninstall itself correctly and I had to manually remove the left-overs in Windows Explorer after doing a manual removal of anything "Norton" or "Symantic" in the Registry.
OS is XPHome w/SP3 and all further updates.
From time to time, it will seem that I have actually found it and its activity will go back to normal (network icon in System Tray showing no activity),then 15 or 20 minutes it starts up again and is pushing out so much that none of the other systems on my network have any bandwidth left.
Task Manager doesn't show anything that I can shut off that stops the activity, Process Explorer doesn't show anything running that looks at all suspitous.
Obviously I'm missing something . . . any body have any ideas???
Swampster
