Detection and removal of Trojan.Spyeye.AA

2

1

Possible Duplicate:
What to do if my computer is infected by a virus or a malware?

I've found myself stuck with a keylogger that my firewall keeps reporting on startup/shutdown as attempting communication to a remote host. The virus itself is listed as Trojan.Spyeye.AA, which is a keylogger and backdoor trojan.

The documentation I've seen online suggests most antivirus programs and antimalware can find and remove this automatically. However, none of the programs I've tried have found it. This includes Corporate Symantec Endpoint Protection, ClamAV, Windows Defender (installed for the purpose of seeing if it could find and remove it), SpyDLL, Malwarebytes Anti-Malware, and Spybot S&D. However, I know it's still there because every time I do a test connection and restart, the firewall records the attempted communication. It is at least partially getting through, as it blocks six requests total, three outbound and three inbound, initiated from inbound.

The virus itself hides using rootkit tricks, so there are no Task Manager entries, no files to see, and all of that fun. But now it's spread to another machine.

EDIT: Turns out this was the result of a known problem with the gateway antivirus returning false positives from valid traffic. The system suddenly started reporting the iPads in-house had the same problem, and after contacting them it was confirmed as false positives.

MedTechDeveloper

Posted 2011-06-17T14:39:09.750

Reputation: 33

Question was closed 2011-06-17T14:47:59.240
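The question turns on an ambiguity that the edit later resolves: a gateway alert by itself cannot tell a hidden process beaconing out from a gateway-side false positive on legitimate traffic. One way to triage that before reimaging is to tally the alerts per remote host and direction (the "three outbound and three inbound" pattern above) and cross-check each flagged remote host against the endpoint's own socket listing. The script below is an added example, not code from the original post or from any of the products named in it. It assumes a constructed key=value firewall log format and a constructed `netstat -ano`-style listing; the IP addresses, the process name `browser.exe` and the PID map are all made up for the demonstration. A remote host that the gateway flags but that has no socket on the endpoint is either hidden from the endpoint (the rootkit case) or a gateway false positive, which is exactly what needs a second opinion; a host that maps to a visible, known process is far more likely to be the false-positive case.

```python
"""Triage firewall/gateway alerts against an endpoint socket listing.

Added example (not from the original post). Log and netstat formats below
are constructed assumptions, not any vendor's real output.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed firewall log: one event per line, space-separated key=value fields.
# The signature name comes from the question; addresses are documentation ranges.
FIREWALL_LOG = """\
2011-06-17T14:30:01 action=block dir=in  src=203.0.113.25 sport=443 dst=192.168.1.10 dport=49152 sig=Trojan.Spyeye.AA
2011-06-17T14:30:01 action=block dir=out src=192.168.1.10 sport=49152 dst=203.0.113.25 dport=443 sig=Trojan.Spyeye.AA
2011-06-17T14:30:02 action=block dir=in  src=203.0.113.25 sport=443 dst=192.168.1.10 dport=49152 sig=Trojan.Spyeye.AA
2011-06-17T14:30:02 action=block dir=out src=192.168.1.10 sport=49152 dst=203.0.113.25 dport=443 sig=Trojan.Spyeye.AA
2011-06-17T14:30:03 action=block dir=in  src=203.0.113.25 sport=443 dst=192.168.1.10 dport=49152 sig=Trojan.Spyeye.AA
2011-06-17T14:30:03 action=block dir=out src=192.168.1.10 sport=49152 dst=203.0.113.25 dport=443 sig=Trojan.Spyeye.AA
2011-06-17T14:31:10 action=block dir=out src=192.168.1.10 sport=50000 dst=198.51.100.7 dport=8080
"""

# Constructed endpoint listing in the shape of `netstat -ano` TCP rows.
NETSTAT_OUTPUT = """\
  TCP    192.168.1.10:49152     203.0.113.25:443       ESTABLISHED     1234
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
"""

# Constructed PID -> process name map (hypothetical names, e.g. from tasklist).
PROCESS_NAMES = {1234: "browser.exe", 4: "System"}

ALERT_RE = re.compile(
    r"(?P<ts>\S+) action=(?P<action>\w+) dir=(?P<dir>in|out)\s+"
    r"src=(?P<src>[\d.]+) sport=(?P<sport>\d+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
    r"(?: sig=(?P<sig>\S+))?"
)
NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


@dataclass(frozen=True)
class Alert:
    ts: str
    action: str
    direction: str
    src: str
    sport: int
    dst: str
    dport: int
    sig: Optional[str]

    @property
    def remote(self) -> str:
        """The non-local side of the flow, whichever direction it was seen in."""
        return self.dst if self.direction == "out" else self.src


def parse_firewall_log(text: str) -> List[Alert]:
    """Parse the constructed key=value log; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        alerts.append(Alert(d["ts"], d["action"], d["dir"], d["src"], int(d["sport"]),
                            d["dst"], int(d["dport"]), d["sig"]))
    return alerts


def direction_counts(alerts: List[Alert]) -> Dict[str, Counter]:
    """Per remote host, how many events were seen inbound vs outbound."""
    counts: Dict[str, Counter] = {}
    for a in alerts:
        counts.setdefault(a.remote, Counter())[a.direction] += 1
    return counts


def parse_netstat(text: str) -> Dict[str, int]:
    """Map remote IP -> owning PID from netstat-style TCP rows."""
    sockets: Dict[str, int] = {}
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            _lip, _lport, rip, _rport, _state, pid = m.groups()
            sockets[rip] = int(pid)
    return sockets


def triage(alerts: List[Alert], sockets: Dict[str, int],
           process_names: Dict[int, str]) -> Dict[str, str]:
    """Classify each flagged remote host by what the endpoint can see of it."""
    verdicts = {}
    for host in direction_counts(alerts):
        pid = sockets.get(host)
        if pid is None:
            # Endpoint shows nothing: hidden process or gateway false positive.
            verdicts[host] = "no-endpoint-socket"
        elif pid in process_names:
            verdicts[host] = f"visible-process:{process_names[pid]}"
        else:
            verdicts[host] = f"unknown-pid:{pid}"
    return verdicts


if __name__ == "__main__":
    alerts = parse_firewall_log(FIREWALL_LOG)
    for host, c in direction_counts(alerts).items():
        print(f"{host}: in={c['in']} out={c['out']}")
    for host, verdict in triage(alerts, parse_netstat(NETSTAT_OUTPUT), PROCESS_NAMES).items():
        print(f"{host}: {verdict}")
```

Run it on a real case by replacing the three constructed inputs with the gateway's exported log, the endpoint's `netstat -ano` output and a PID-to-name map from `tasklist`; the parsers will need adjusting to the real log format. Gathering the endpoint side from a boot of known-good media rather than the suspect OS removes the chance that a rootkit is filtering the socket listing.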

Answers

1

Have you tried installing MalwareBytes, updating all the virus definitions, restarting the machine into Safe Mode (No Networking) and then running a deep scan?

I would repeat the above process at least 3 times; otherwise, back up your data and restore/re-install Windows.

admintech

Posted 2011-06-17T14:39:09.750

Reputation: 6 970

I did run Malwarebytes and Symantec while in safe mode and they didn't find anything; however, once the machine is out of an attempted system restore I will repeat those attempts again, especially with the tools mentioned above. – MedTechDeveloper – 2011-06-17T14:58:22.253

0

KCotreau

Posted 2011-06-17T14:39:09.750

Reputation: 24 985

Thanks, I will give those a shot and see what they find. – MedTechDeveloper – 2011-06-17T14:58:35.293