I have an unregistered copy of Security Task Manager that shows a varying number of dangerous processes running. Once deleted they seem to come back. I also searched and found some of the names in my registry and deleted those keys but the bad processes keep coming back.
So, I need to take a deep breath and have someone lead me through a wiser process to track this down. Thanks for any help you can offer. I have or can create logs as needed.
Some time ago I learned of ComboFix trying to get rid of Virtumonde and it worked. This bug "could" be Virtumonde but I have no proof.
UPDATE: Here's hoping I have most of this done -- if not I'll be back! Ran fixes for Vundo (8 hits) and Virtumonde (1 hit). Still had a suspicious DLL loading, which ComboFix deleted. On restart rundll was trying to run one of the quarantined mods but fails because it can't be found. Scanned my registry and found a pointer to it and deleted it. Any suggestions on anything further to do (other than head slap for downloading the nasty thing)?
Edited by Steve`, 02 July 2008 - 04:58 AM.