I've read dozens of copies of removal instructions for this combination of malware, and I've yet to find anything that works for me. I don't know if this is a brand new variant or something else masquerading as Torpig, but I can't seem to pin it down. Even worse - it seems to be in the user's roaming profile, since as soon as she logged in to a different computer we detected another connection attempt to C&C.
I've downloaded, updated, and run Malwarebytes, and we run ESET NOD32 on the whole network. Updated scans with both show the computer is clean. I've also tried Windows Defender and GMER, to no avail.
I'm planning to nuke the machine and reinstall after a fixmbr, but I'd really like to be able to detect this malware, especially with the possibility looming that other machines are infected. Is there other software I should try? Something I'm missing?
Edited by JoshuaJ, 15 July 2011 - 09:58 AM.