I have a unique problem. Vipre Antivirus missed some malware which "phones home" every minute and 40 seconds, and spikes the CPU to 100% for 6-8 seconds on my Windows Server 2008 Enterprise server. This server is virtualized in a VMware environment, and runs all of our school district's DHCP services. This is a big deal because if a device is looking for an IP during this 6-8 second period of high CPU utilization, it will just time out and assign a local APIPA IP, causing our users to have no idea what the problem is...
I finally found the problem by installing Malwarebytes, and it is able to remove the malware. Here are the pertinent lines from the log entry:
Windows Server 2008 Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.
However, the moment that I restart the server, it comes right back.
If this was a Windows 7 PC, the forums talk about using the Combofix.exe utility, but it doesn't run on a server.
I have looked in the Registry RunOnce and Run keys, and found nothing... Does anyone know where this bugger might be hiding?
Any help would be much appreciated!