Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CCA3


  • Please log in to reply
No replies to this topic

#1 T.G.B.

T.G.B.

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 19 December 2010 - 07:42 AM

I work for a school system that has a antivirus that needs a lot of work, but I am noticing something new when users login and just on hard drives/flash drives.

When users log in their profile loads, you see the normal stuff like when the first logged into that computer but this C:/CCA3/CCA3..... loads.

Many of the users have the file on their C: drive hidden, I have done some research on it but it seems that the popular paid antivirus paid programs don't have anything on it.

c:\CCA3\E3X3\acx3.exe
c:\CCA3\E3X3\DesKTop.ini

Malwarebytes did detect it and one point, but now I'm banned from using it. Is there a scan/removal tool or somehow to just remove it?

It looks like it spreads through the network, flash drives. It looks like it does browser redirects and when it infects flash drives it removes documents from the drives and also copies user profile folders from the infected desktop to the infected flash drive. They are running Windows XP SP2/SP3. If there is any other info needed please let me know.

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users