Posted 09 January 2009 - 04:10 PM
I have a badly infected computer on our network. I have suspected it ever since I started here, never showed any cookies found in TrendMicro scan, acts strange, and the user regularly surfs on company time while busily tending to personal email. I will be locking things down over the next month. That's another story. After trying to clean some things up to get ready for Citrix, and finding her computer would not open Add Remove Programs, or let me delete icons off her desktop, I ran Malwarebytes and found 47 infections. Most listed as Fake.Dropped.Malware, Trojan.Agent, and one Rogue.InternetAntivirus.
I removed the infected files via mbab, some wouldn't remove until after a reboot. I have run SUPERAntiSpyWare, and then ATF-Cleaner. I ran mbam again - they are all still there. I cannot get rid of the infected files. I am logged into the computer as the computer administrator, not connected to the network. All of the infections are found in C:\Documents and Settings\NetworkService\Local Settings\Application Data.....
The directory NetworkService does not even exist visually, and threatens to reformat the drive if I try to browse to it through the url bar in explorer. I now officially give up and need help. Don't know what to try next short of wiping and starting fresh. Would you like me to send my mbam log? Thanks.