CCA3

BleepingComputer.com: CCA3

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

CCA3 Browser Redirect/Possible Flash Drive eraser

#1 T.G.B.

New Member

Group: Members
Posts: 4
Joined: 19-December 10

Posted 19 December 2010 - 07:42 AM

I work for a school system that has a antivirus that needs a lot of work, but I am noticing something new when users login and just on hard drives/flash drives.

When users log in their profile loads, you see the normal stuff like when the first logged into that computer but this C:/CCA3/CCA3..... loads.

Many of the users have the file on their C: drive hidden, I have done some research on it but it seems that the popular paid antivirus paid programs don't have anything on it.

c:\CCA3\E3X3\acx3.exe
c:\CCA3\E3X3\DesKTop.ini

Malwarebytes did detect it and one point, but now I'm banned from using it. Is there a scan/removal tool or somehow to just remove it?

It looks like it spreads through the network, flash drives. It looks like it does browser redirects and when it infects flash drives it removes documents from the drives and also copies user profile folders from the infected desktop to the infected flash drive. They are running Windows XP SP2/SP3. If there is any other info needed please let me know.