First off, I can try to post a HijackThis log, but I examined one from one of the previously infected PCs and didn't see anything I didn't recognize. Deleting all the unnecessary entries didn't help. Malwarebytes (installed from a CD in Safe Mode) found no infection.
Here are the symptoms:
1. It breaks the wired LAN connection. The Disconnected icon shows up on the taskbar. If you right-click and try to Repair or Create a new connection, at length Windows comes back and tells you the necessary services are not loaded. Same thing from "Networks" under the Start Menu or Control Panel. The Internet Connection (over the same LAN adapter) stays up. Again, I can browse even though the LAN says it is broken. If I boot into Safe Mode, my local LAN connection is restored.
2. We are now running the "Security Agent" that came with our Lightspeed Systems web filtering server. It detects nothing (I ran it from Safe Mode). We used to have MS Live Care (I disabled active scanning before installing the Lightspeed Security Agent). Live Care also tells me that services necessary for its operation are not loading in normal mode and it won't run in Safe Mode.
3. Printer definitions are deleted from the Control Panel.
4. USB is non-functional. (I put a thumb drive in a machine before I realized it was infected. It never showed up and the connection light on the drive never lit up. I'm still going to re-format it on my Linux box.)
5. Productivity programs seem to run normally (browsers, Office), but anything that might help correct the problem is blocked. You can launch Windows Explorer, but it slows to a crawl or freezes. I can install an update of Spybot, but the program itself won't launch when I click the icon (hourglass then nothing). Regedit will not run.
Anybody know what this is? I realize if it's a rootkit I'm better off nuking from space anyway, but I'd like to have a way to identify it so I can scan my network and find any other infections. I also need to know if there is any way to keep it from spreading.
Is there any tool (payware or freeware) out yet that can scan and repair a Vista workstation from boot CD?
BTW, I haven't seen this thing infect an XP box yet.
Edited by CyyberSpaceCowboy, 27 January 2009 - 02:49 AM.