First of all I would like to say thanks for reading and trying to help me out here. We are having a problem at a customer, Trend Micro keeps giving popups to reboot to finish cleaning the computer, when you press reboot, and the computer is ready to use again, after 5 minutes you get the same popup.
ive did some research about this worm, and tried cleaning it with Malwarebytes/combofix (which mostly does the trick), but sadly the popup wont dissappear and the problem persists.
Few days back I found this tool http://www.bdtools.net/ -> deploy from Domain Controller, succes on every machine in the network, I was feeling lucky, but it didnt work either.
Ive used the approach that is listed on the the website of trend micro -> force manual update, schedule custom scan, ... no go. I also used their secundary method. with sysclean (also no go : /)..
I think the main problem is because the company is rather large (+/- 150 clients in 5 offices, +/- 25 virtual servers, all connected to eachother over VPN). I think the problem is that when I clean one PC, and you reboot after 15 to 30 min you get the message again. So could it be that by the time that I clean it, the worm already nested itself again?
At this time when I check the dashboard of trend micro I see 44523 entries of Mal_DownadJ and WORM_DOWNAD.AD..
What approach could I try to kill the worm?
Thanks in advance