My first post here, normally I've been able to remove many infections without assistance, but this time I'm really struggling to get this thing to stop re-infecting.
We have two almost identical (in terms of software) terminal servers installed in an organisation which have both become infected with malware.
I've been trying to fix it for a while but there is a file which keeps on appearing when people log in:
c:\documents and settings\%user%\application data\twex.exe
I don't know if it is doing any harm now that I've already scanned and removed most of the problem, but I need to know if it is and I need to get rid of it if possible.
So far I've used spybot search and destroy, superantispyware, malwarebytes, ccleaner, mcafee virusscan 8.0, ESET online scanner, Trend Micro House call, possibly more but I can't remember now.
I've been battling with this for 3 days and every time I think I've won the file re-appears.
Please can someone try to help me get rid of this for good?
I'm not able to post DDS from 2003 unfortunately. But I've attached GMER logs:
SERVER1 GMER LOG
Argh! SERVER1 didn't like GMER and it rebooted (blue screened) with the following error:
BCCode : 50 BCP1 : EE660000 BCP2 : 00000000 BCP3 : B8EC0C3E
BCP4 : 00000000 OSVer : 5_2_3790 SP : 2_0 Product : 16_3
SERVER2 GMER LOG
I have been working on this remotely this week, but I'm going on site tomorrow for a weekly visit.
Any advice would be really really appreciated at this point.