Posted 14 May 2010 - 12:48 PM
I have seen on several of my client's computers that exe files have been replaced by infections with the same name, which run instead.
Let's say the Adobe file Acrord32.exe is infected. There will be another file with the same name but a different icon. The original files will have a space in the name before the .exe; say, Acrord32 .exe. The file actively running on the computer will be the infected one.
I have tried to remove them but was not able to, as they keep recreating themselves. I have tried ComboFix on this, but found that the infection replaces ComboFix when I try to run it. Can anyone help me with this?