Posted 19 December 2010 - 07:42 AM
I work for a school system that has an antivirus that needs a lot of work, but I am noticing something new when users log in and just on hard drives/flash drives.
When users log in, their profile loads. You see the normal stuff, like when they first logged into that computer, but this C:/CCA3/CCA3..... loads.
Many of the users have the file on their C: drive hidden. I have done some research on it, but it seems that the popular paid antivirus programs don't have anything on it.
Malwarebytes did detect it at one point, but now I'm banned from using it. Is there a scan/removal tool or some way to just remove it?
It looks like it spreads through the network and flash drives. It looks like it does browser redirects, and when it infects flash drives it removes documents from the drives and also copies user profile folders from the infected desktop to the infected flash drive. They are running Windows XP SP2/SP3. If there is any other info needed, please let me know.