One of our machines (the bosses of all) has got something serious up with it. (XP machine with microsoft security essentials)
It sparked up this morning with security essentials saying there was 10 virus's/threats detected. this cleaned them, but then when he called me in again it said it had detected virus's/threats again, and the count was going up as i was standing there, got to about 30 when i hit clean regardless.
Restarted in safe mode, ran security essentials scan and picked up a virus which i cleaned, ran malware bytes scan which picked up nothing, but on restarting once logged in, about ten minuites in it flagged up again.... and is pretty constant each time it is scanned.
The virus seems to be win32/ramnit|b and vbs/ramnit|b
I have noticed that there is a file within the startup menu I cannot remove named hivwtceb.exe which sounds somewhat suspect, I canm remove from startup menu, apart from for the user logged in as it says it is locked in a process.
Even when i have removed it for a specific user, when i log in it reappears!!
not sure if this is just a curve ball but doesn't look good, and can't seem to rid the machine of the constant virus/malware detection/attack.
Any ideas?
daveJam
it works on my machine, so technically i win!
It sparked up this morning with security essentials saying there was 10 virus's/threats detected. this cleaned them, but then when he called me in again it said it had detected virus's/threats again, and the count was going up as i was standing there, got to about 30 when i hit clean regardless.
Restarted in safe mode, ran security essentials scan and picked up a virus which i cleaned, ran malware bytes scan which picked up nothing, but on restarting once logged in, about ten minuites in it flagged up again.... and is pretty constant each time it is scanned.
The virus seems to be win32/ramnit|b and vbs/ramnit|b
I have noticed that there is a file within the startup menu I cannot remove named hivwtceb.exe which sounds somewhat suspect, I canm remove from startup menu, apart from for the user logged in as it says it is locked in a process.
Even when i have removed it for a specific user, when i log in it reappears!!
not sure if this is just a curve ball but doesn't look good, and can't seem to rid the machine of the constant virus/malware detection/attack.
Any ideas?
daveJam
it works on my machine, so technically i win!