One of my clients has a PC running Windows XP SP3 that is domain-joined and behind a WatchGuard Firewall.
I can see from the Firewall logs that it is constantly trying to send out spam to a number of relay servers as well as making numerous attempts to contact various sites on the Internet on a variety of other ports.
All of this is being blocked at the Firewall.
The machine is running Sunbelt Vipre Enterprise Antivirus, which has not found anything.
Malwarebytes comes up clean too.
I know I'm not supposed to run Combofix before being requested to do so, but I have used this tool before and it's never failed me. I have already run it against this machine, and while it did find and delete a couple of malicious files, the infection remains. I have tried several rootkit scanners and none have found anything.
The machine does have network connectivity, but no direct Internet access at present, so I have to download tools elsewhere and then copy them onto the machine to run.
Please advise what logs you need and what's the next step?
Edited by Budapest, 23 February 2011 - 05:50 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP