Hopefully, this is an appropriate forum for this topic... I have a few users who had malware on their PCs. Our Helpdesk used ComboFix to correct the problems. I have been able to duplicate the malware (installed it on another PC), and with the malware the SalesLogix service still functions. However, after running ComboFix, although the service is still running, it no longer does what it should.
The service is called SLXSystem. It is a blackbox, so I don't know exactly how it functions, but the functionality is this:
1. When a user is using SalesLogix, changes they make to the database are also written to text files called queue files.
2. The queue files are stored in C:\Docs and Settings\All users\Application Data\SalesLogix\Sync|QUEUEFiles.
3. The SLXSystem service scans that directory for files that have the appropriate name:
4. It then tries to find the server, ALA-SLX-003, and connects to the port, 1706, and copies the file there.
5. It then deletes the file from the source directory.
What happens now is... nothing. The files just sit there. They are not copied to the server, nor removed. I have tried "Repairing" the network connections, run winsockxpfix.exe, run the reg fixes recommended for the malware, uninstalled/reinstalled SalesLogix, run some TCP/IP fix routines, run the Windows command line system file checker (sfc.exe), and nothing has helped.
Also, I can ping the server and also connect using telnet to the port.
Kind of at the end of the rope here. Any ideas?
Edited by pjames, 22 April 2010 - 12:47 PM.