setup.exe and some 0 byte exe files issue

[saint]

Hello,

I had a heavily infected win sbs 2003 server, after some cleanup with malwarebytes+ windows defender offline (a live cd to boot from for rootkits), I have left with couple of problems only.

1) Any file named setup.exe can not be run, it loses its tabs in properties section (such as security, compatibilty etc) it cant be deleted or accessed, you get access denied. Lets say you have a functional exe file, you rename it to setup.exe and bang file is dead. Setup.exe files are the only files that I have issues, rest is good. FYI, setup exe files work fine under safe mode!

2) There are 0 byte random named exe files in root of C drive, they cant be deleted (neither mbytes nor win defender offline could resolve this)

You can find hijackthis log attached.

Any insight is appreciated.

Thanks!

hijackthis.log

[saint]

up

[screen317]

Hi and welcome to Malwarebytes. Is this a corporate server?

[saint]

Hi and welcome to Malwarebytes. Is this a corporate server?

Hey Chris, thanks for your response. Yes it is

[screen317]

Hi,

Thanks for the update. Do you have proper corporate licensing to be using MBAM? If so, please contact corporate support here:

http://www.malwarebytes.org/contact_corporate

If not, please know corporate licensing is required for us to help you. It is a violation of our EULA to be using MBAM in a corporate setting without proper licensing. To obtain it, please visit this page:

http://www.malwarebytes.org/corporate_licensing

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!