I've been noticing the last 3 weeks that we keep getting back on blacklists.
Since 3 weeks I have been searching in the complete network and i have scanned all the clients (9) + the server (SBS 2003).
I have used:
- Sopos VRT
- EMCO network cleaner tool
- Symantec Endpotion Protection
Well... i have found 2 clients with "bleep"... i have cleaned them with all these tools, i'm 99,9% sure that these 2 clients are clean.
and the server... is maybe still a thread.... because Tdsskiller find 1 thread (sbcore.exe) and NPE found 3 threads ( WOW64.dll - WOW64cpu.dll - wow64....dll (forgot the last one) i didn't cleaned these because they look like they are system files.
Today the IP was blacklisted again, so there is a computer who keeps sending....
Because i don't know any more to start searching, please advice.