We are having an unknown infection on 7 of 8 computers in our company.
I couldn't find much using various AV programs and tools.
Looking closer at approximately 50 infected files with Adlice RK PE Viewer let me see that most of them have sandboxes, anti-debugging scanners / debugging blockers and stuff like that to protect themselves and hide from AV.
At least since the beginning of this infection (last Thursday), the concrete objects found by AV (all PCs together) are:
G DATA found 6 PSW-Tools and 3 OCS-Tools
ESET found 3 PSW-Tools
RogueKiller found 14 PUMs and 2 Rootkit IAT:Addr(Hook.IEAT)
The 8th computer was off and not connected to the local intranet at the time of the infection, so it stayed clean. We won't put it back in the network until the other PCs are cleaned.
Concrete symptoms are: Some files are encrypted (new extensions like .crypt, .crypto, .crypted, .encrypted and so on, which can't be opened), some files are just renamed or the extension was changed to another normal file type. Some files are damaged, which causes programs to hang often and crash. Some files were just edited a short time ago, which has no visible effect.
Finally, some programs are completely not working anymore, and on 3 PCs there is until now no ability to connect to the Internet.
In the hope that someone here can help me, I did scans with Farbar Recovery Scan Tool on the 7 infected PCs.
All logs are now in the same post, because my other posts were deleted. The logs can be found in the second reply.
I hope someone here is able to help me with my problem!
Edited by Lobas, 30 October 2017 - 06:09 PM.