Posted 06 January 2010 - 01:09 PM
We have several computers in our office. A few servers. Operating systems: Windows XP, Vista, 2000, server 2003, server 2008. Someone clicked on a malicious file last week and I though it was just an isolated incidence. It was a windows xp computer. We have mcafee enterprise on all of the computers but that didn't help. I used combo fix and malwarebytes to clean the inital computer that was infected. After a few days another computer had a virus, I did the same thing. That entire network became infected and it spread to another one. I am not sure how the servers are doing I can't run combo fix on them but malwarebytes ran and returns nothing. Here are some of the bad files combofix has been finding and deleting:
qmgr0.dat, qmgr1.dat, avdrn.dat, patchw32.dll, pw32a.dll, autorun. inf. Also on some computers are .scr files in the system32 directory and cafmg.exe in the windows system drivers directoy.
I have went to every computer and run combofix and malwarebytes and unshared them from the network. THe network got a little better but it is still too slow to work. Can't connect to some computers. We also have a seperate network that can't see the internet, but a few computers had connections to both networks and the virus has spread to those comptuers and servers too. Any help would be appreciated thanks.
One more note certain services like active directory, rfc locator and net logon have either stopped or act up on the servers.