Before posting I want to say that I am a long-time lurker of this forum and the site in general. There has been so much useful information found on this site over the past few years and I would like to say thank you.
Anyways, recently I have been dealing with multiple machines showing up under AVG admin console saying that C:\windows\taskshost.exe shows up as infected. I'm assuming that something else is going on and using taskshost.exe as the local resource. I've tried running and cleaning the machines multiple times but come up with nothing. Then, I get a letter from their ISP saying that they are blacklisted because spam has been originating from their IP address. This is the quote I got from the ISP:
GameOver Zeus (GOZ), a peer-to-peer variant of the well-known bank credential-stealing Trojan Zeus malware, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. GOZ is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim's computer. To date, GOZ activity has led to the loss of millions of dollars through fraudulent Automated Clearing House (ACH) transactions and wire transfers. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.
So, I'm assuming that the two issues are related. After redoing an inventory on their network I found a rogue PC that had been deployed without any antivirus on it and simply propagated through the network. Although I have cleaned out the machine that was without anti-virus, the other machines are still reporting as having an issue. I cannot submit the ISP to de-blacklist them until I clear out this issue. I am at a loss as to where to look. I spoke with the AVG technical support and they said to find a taskshost.exe from an uninfected machine and replace it on all the machines that are having issues. Does this seem like a rational solution? All of the machines are Windows 7 Professional x64.
Thank you in advance!