Unfortunately she didn't realize she had opened malware until I found it in a scan 4 days later.
McAfee caught the file and .exe file and deleted it:
c:\Documents and Settings\chandrika\Local Settings\Temporary Internet Files\OLK4\Federal Express INC notification.zip\Federal Express inc notification.exe
From my research on cisco.com it seems that this malware is in the family of Trojan.Sasfis, and it has probably already tried to download more malware and has embedded itself in processes on the computer in the four days while it was sitting on the computer.
My question is: how to proceed?
Should I just restore the image of the System partition that I have from last year? That always seems the easiest and most complete solution to me, but since the user has logged on and off (which pushes her roaming profile back to the server) since the infection started, I'm concerned that I must also restore or clean the user profile somehow. I heard on a forum that this trojan may have also downloaded things onto App Data in the user profile.
Or should I just try to clean the computer using a forum on this website?
I'm not happy knowing I have a computer which probably has malware running on it, even though so far it's shown no symptoms.
Any help is appreciated!
Edited by JayoBayo, 24 March 2011 - 12:14 PM.