Recently I have had very serious trouble with the office's network. A week ago some files (some CAD drawings) came to my machine on a USB stick. After that I noticed some popup alerts: "kjhfkhsdkfjh.exe" or "dhfgjhgfka.exe" or "anything.exe" had to close because the process can't "write" or "read" in the memory, with the options Depure to close the process or Cancel.
So I tried ClamWin AV to perform a memory scan; ClamWin can detect the process and unload it from memory, but after some time (minutes, hours) the alerts continue. I also tried to reboot Windows and manually unload these processes via Task Manager, with the same result.
Anyway, I have to keep working, so if these alerts don't do anything else, I just click the Depure button and move on. But three days ago, the Internet access went down for some unknown reason; the ISP changed the modem/router, the boss also bought a new Linksys router, and the issue was resolved with irregularities: the access sometimes fails. I noticed that my machine can't connect to these networks, except if I start Windows in safe mode, so I assume that it is my machine. But more curious, when I try to access the web in Windows normal mode, the network fails and also denies web access to the other machines.
I read about rootkits, thought I had one of these, and performed a lot of scans with ClamWin or manually in Task Manager, ending processes which I suspected would be the virus or something, changed the Windows registry (in "Local Machine\Software\Microsoft\Windows\Current version\Run"), unchecked the startup programs via Msconfig, and deleted some files which I suspected.
And now I came here and downloaded ComboFix, but this program had a very serious warning about the risk of using it improperly, so if anyone has any idea or suggestion, it will be really appreciated. I don't want to format and reinstall the OS, because, well, typically if any data, not only on my machine but in the whole office, is deleted or lost for some reason, everybody will point their finger at this humble narrator. Thanks in advance.
Edited by The weatherman, 29 September 2009 - 01:45 PM.
Moved from XP to a more appropriate forum. Tw