My network got infected with a worm virus that creates programs with folder names in that folder. It will crawl shares.
Most of the infection is in the shares and local user folders.
The root of the share will have 3 bat files, actually programs with random names, and autorun.pif that contains adding these bat programs to Shell, Open, and Exe commands. Here is part of the autorun:
The virus is protected with an active system process.
Norton claims this is less than 5 days, but the virus ID relates to infections from year 2007.
The files created have different extensions: *.exe, *.bat, *.pif, *.scr. The file sizes in bytes: 491520, 667648, 651264, 1036288.
A few files will have System or read-only attributes.
When active, the virus will spread to a USB drive in the same way.
The virus will not let JRT or Malwarebytes run.
Luckily, Rkill will kill 3 processes that hold the active virus; sometimes I ran Rkill a second time. After that, Malwarebytes and JRT can run.
I manually deleted all the files involved and the system "seems" clean. But I have to clean 20 more PCs and wish to find a cleaner.
Please let me know.
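
Added example, not part of the original post: a read-only Python scan that lists files matching the extensions and byte sizes quoted above, any autorun.pif, and executables named after a neighbouring folder. The folder-name rule is an assumed reading of the post's description, and an exact size match can hit unrelated files, so treat results as candidates for review.

```python
import os
import sys

# Indicators quoted from the post: extensions and exact file sizes in bytes.
SUSPECT_EXTS = {".exe", ".bat", ".pif", ".scr"}
SUSPECT_SIZES = {491520, 667648, 651264, 1036288}


def scan(root):
    """Return {path: [reasons]} for files under root that match the post's description.

    Read-only triage: nothing is deleted or modified.
    """
    hits = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Assumption: "programs with folder names" means an executable whose
        # base name equals a folder sitting next to it.
        siblings = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name.lower())
            path = os.path.join(dirpath, name)
            reasons = []
            if name.lower() == "autorun.pif":
                reasons.append("autorun.pif")
            if ext in SUSPECT_EXTS:
                try:
                    size = os.path.getsize(path)
                except OSError:
                    size = None  # locked or unreadable: size check is skipped
                if size in SUSPECT_SIZES:
                    reasons.append("size=%d" % size)
                if stem in siblings:
                    reasons.append("named-after-folder")
            if reasons:
                hits[path] = reasons
    return hits


if __name__ == "__main__":
    # Usage: python scan_share.py <share root or local user folder>
    for path, reasons in sorted(scan(sys.argv[1]).items()):
        print(path, ", ".join(reasons))
```

Run it against each share root and local user folder after the active processes have been stopped, and compare the output before and after cleanup.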