Jump to content

MalwareBytes Missing a virus/malware signature

Recommended Posts

Hi There:

I have the majority of my servers (3) in my domain infected with some type of malware (or more than one) I have scanned with malwarebytes, Search and Destroy (S&D) and AVG to no avail. First, I have done the following:

1. Rebuilt my domain twice with different domain name, applying W2003 SP2, and loading in Malwarebytes before hooking up to the LAN until I needed to download windows updates, downloaded AVG and S&D and ran them all/

Each time I got reinfected.

2. All of the infected servers have the malware trying to get out to,, among others and they are caught by Malwarebytes monitor.

3. All of the servers have multiple DNS.exe and lsass.exe instances spawned.

4. The same or different malware took over my domain admin and locked me out EVEN AFTER I REINSTALLED THE DOMAIN WITH A DIFFERENT NAME!

I have run sysinternals RootkitRevealer and nothing showed up except for incorrect truncation in the HKLM\software\classes\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\inprocserver32\ThreadingModel. According to the sysinternals forums, Microsoft truncated the entry "Both" to "Bo". the forum is here:


I'm at the end of my rope!

Help would be appreciated.

Link to post
Share on other sites

Thanks Jacktivity:

Two of the servers are domain controllers. the third is my exchange server.

Because malware has taken over the admin account (I can still use it but I can't change anything), I can't add my name (admin) or anyone else in the organization to the newly built domain.

So email is out.

When I promoted the first server to a DC on the new domain, I was able to create an alternate admin account, but whatever malware it is, has changed my password.


P.S. I just purchased 3 licenses, but no email so no order number. The account is Phil Wyatt, Medical Central Online.


Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.