
Same files come back over and over again in Virus Scan!

Status
Not open for further replies.

GrnEyedLdy

Instructor
Sep 12, 2002
853
US
I have 2 users who are having a persistent problem with their virus scans reporting W32.Spybot in file Winsdk.exe (other files as well, but this one is persistent). I have removed these files. I have run Hijack This and fixed all problems I could identify. That particular file showed up 3 times as an 04 Autoloading program from Registry on one of those users' machines.

These users are up to date with all Service Packs and critical updates. I need to find out how or why these files keep showing up and why only on these 2 machines.

Very little web surfing is done by these 2 individuals; the only thing consistent is that they both use an 'in the works' application online that is being developed for us.

28 other machines in the office that use the Internet much more scan virus free day after day....

We use a Cisco router, PIX firewall, MS Anti Spyware and run Symantec Virus Scans every day....

Any help will be greatly appreciated and as always THANKS in advance to this great group on Tek-Tips!


Patty [ponytails2]
 
1. Run Adaware on the machine in safe mode.

2. Disable I.E. by changing the security setting from 'Medium' to 'High'.

3. Set up Firefox as the default browser.

 

I have run Adaware and other leading Anti Spyware programs.

Is Internet Explorer the problem here? If I change the security settings to High then they have problems using some sites that are necessary for them to work.

Will using Firefox eliminate some of these problems?


Thanks,

Patty [ponytails2]

 
Using Firefox will eliminate over 95% of your issues.

Since my company replaced I.E. with Firefox on all of its workstations we rarely have issues. Considering over 40% of the workweek was wasted running malware removal tools and detection I consider this a big improvement.

"they have problems using some sites that are necessary for them to work"

Very rare.. I have only experienced one website that I needed to use I.E. for. Regardless, developers should know better than to build websites that don't follow industry standards.

 
Hi UnixJunky,

Thanks for your suggestion, I think I will give it a try. If I could spend less time with these spyware issues it would make my day a lot easier.


Patty [ponytails2]
 
Internet Explorer doesn't sound like your problem here; it sounds more like your users are either opening an infected email over and over, downloading the same file, or else there is a file on that computer that keeps recreating itself. As long as Symantec is catching it, the computer is not infected, but I would visit the Symantec website to get details on this particular virus and how it might spread, and run through the manual removal steps to make sure I had it all removed, and then I would examine the users' behavior to find the source of the file. You might also consider using an online scan from Trend or one of the other AV companies as a backup if you're concerned. Chances are, even though Firefox will prevent the majority of spyware, simply making that switch won't help you out with this issue. Also, you mentioned that your critical updates were done, and that you ran anti-virus scans every day; I am assuming that your virus definitions are up to date also?
 
GrnEyedLdy,
My apologies if I'm restating the obvious, but do you have system restore disabled (assuming you're running XP)? If not, on the next reboot the infected files will be reinstalled.

Good Luck.
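
The thread's open question is what keeps putting the file back. The script below is an added example, not part of any post in the thread: it lists the registry Run-key values and Startup-folder items (the locations a Hijack This autoload entry is read from) that reference a given file name, so a returning entry can be traced to its source. It assumes PowerShell 3.0 or later and must be run in each affected user's session to cover that user's HKCU hive; the function name is hypothetical.

```powershell
# Added example: report autostart entries that reference a file name.
param([string]$Name = 'Winsdk.exe')   # file name reported in the thread

function Find-AutostartReference {
    param([Parameter(Mandatory)][string]$Pattern)

    # Per-machine and per-user autostart keys; keys that do not exist are skipped.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            # Match on either the value name or the command line it launches.
            if ($data -like "*$Pattern*" -or $valueName -like "*$Pattern*") {
                [pscustomobject]@{ Source = $key; Entry = $valueName; Command = $data }
            }
        }
    }

    # Startup folders for the current user and for all users.
    # Only file names are compared; shortcut targets are not resolved.
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File |
            Where-Object { $_.Name -like "*$Pattern*" } |
            ForEach-Object {
                [pscustomobject]@{ Source = $dir; Entry = $_.Name; Command = $_.FullName }
            }
    }
}

Find-AutostartReference -Pattern $Name | Format-Table -AutoSize -Wrap
```

Running it before and after a cleanup and reboot shows whether an entry was recreated and under which key, which narrows the search to whatever writes to that location.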
 