So I work tech support at my company and recently had one of our secretaries run into a virus. It was an email containing a fake resume in .doc format that, once opened, attempted to direct the computer to download a trojan. AVG detected it right off the bat and quarantined it. I then ran a full system scan with AVG, Malwarebytes, and Spybot and everything came back clean. I had assumed AVG along with Word being macro-disabled by default kept anything from actually happening.
However, at the time of the download she was running our company bookkeeping software (eClub for those interested) and it crashed once she tried to use it again. I check it out and see that the .exe to run eClub had been removed from the eClub folder (let's call it eclub.exe). Weird! So I go ahead and completely uninstall the program and reinstall, only to find eclub.exe was not reinstalled with it. I copy eclub.exe from another computer and try to paste it into the folder, and I'm told I don't have permission to do so. Then things get weird:
1. I uninstalled eClub completely again, removed the eClub folder and every possible saved setting for it.
2. I created a blank eClub folder (e.g. C:\Program Files\eClub).
3. I can put anything I want into this folder, including .exes, EXCEPT for eclub.exe, getting the insufficient permission error.
4. I can put eclub.exe in subfolders of C:\Program Files\eClub without a problem.
I checked all my permission levels and have full access to everything. I even manually added permissions to the eClub folder and eclub.exe. I ended up just installing the program under another folder name (C:\Program Files\eClub2) and it worked perfectly fine.
I'll probably end up just wiping the computer and starting over, but it got me wondering, what settings has this virus altered to affect a specific file being placed in a specific folder like this? I've never come across this and it baffles me. Any input would be greatly appreciated.
Edited by hamluis, 19 November 2015 - 08:20 PM.
Moved from Win 7 to Am I Infected - Hamluis.