0

Does anyone have any experience in removing the ffsearcher trojan?

One of our systems is infected. The virus scanner doesn't detect it, but our Websense program is detecting all the internet activity from it.

I am trying to determine how to remove this.

Here is a great article on the virus, but it has no removal instructions. It tells which files are infected but not how to clean them.

http://secureworks.com/research/threats/ffsearcher

KPWINC
jherlitz

2 Answers

2

Well, the best way is to wipe the machine and restore from backup.

RascalKing
  • You shouldn't trust a compromised machine. It might look like a "simple" compromise, but unless you have a mechanism to boot a trusted OS and ensure that all binaries on the machine are original, there may well be a "back door" lurking (rootkit, etc.) even after you believe you've "cleaned" the machine. This is an old lesson in computer security that seems to be increasingly forgotten today. – Evan Anderson Jul 16 '09 at 18:30
  • That should be "trusted backup" - if you can't remember when you got the virus, then you can't trust the most recent backups. If there are no removal instructions, the best way to remove the infection is DBAN. Don't put yourself at risk for reinfection. – Broam Mar 22 '10 at 19:52
0

Combofix can get rid of it; run MBAM afterwards to finish up.

Dentrasi