Have a box running Server 2003 SP1 that managed to get infected by a drive-by installation. Removed Network Monitor, Command, and a few other files from the system32 folder manually including the following:
There were a few other dll files with random names in the system32 folder that I got rid of as well. I've run HJT as well as inspected startup entries using Sysinternals Autoruns, and don't see anything suspicious anymore. But I'm still getting random popups. They're not for fake anti-virus or anything like that... they appear to be for random websites. For instance, the last three were an eBay listing for a Garmin GPS, http://blogmlb.smacchat.com, and http://www.felonyfind.com.
I've run VundoFix which came back clean, as well as scanned the machine with Trend Micro - also clean. I'm out of ideas, and that doesn't happen easily... hunting down and removing nasty infections manually is part of my job every day. Meanwhile, the popups continue. I would greatly appreciate your expert assistance.
Edited by javabytes, 21 September 2008 - 02:36 PM.