I have four identical fresh Dell machines, Win7 Pro 32-bit, Office 2010, MS Security Essentials. Also the usual stuff: Adobe Reader, UltraVNC, etc. A few days after installation, users started to observe strange behaviour. From time to time one proprietary software starts to redraw its window very fast; it looks like it's closing and opening again, but the process does not really terminate. This happens for a few minutes, then the program is back to normal, where it was. Another trick is Word, which looks like somebody is pressing Enter (adding new lines). This doesn't stop until the process is killed. Then today one PC started flicking windows again, and then shut itself down gracefully (not a hard turn off).
Nothing suspicious in the event logs, and hardware also cannot be the problem (identical new machines). But all PCs have a mapped network drive, which has been infected with usbv.exe (W32.SillyP2P) and juana.exe (W32.Pilleuz!gen5), using autorun.inf. The virus names are written according to Symantec. The drive was cleaned at about the same time the Dell machines started acting weird.
I don't see anything bad on the machines; I tried Autoruns, Process Explorer, and scanning with MBAM, SUPERAntiSpyware, ESET Online Scanner, AVZ. No strange connections observed with TCPView. The users of these PCs are not likely to go on porn or similar insecure sites.
I'm afraid to use specific tools like ComboFix, because I don't have experience with them on Win7. Could you recommend something?
Edit: I would add that no suspicious exe files were found in the usual places like %appdata% or %temp%.
Edited by radioalarm, 04 November 2010 - 09:28 AM.