
Malware removed but damage not reversed



A user in my company visited an infected web page and our antivirus did not catch it. Much damage was done and, although scanning with Mbam was able to find and remove the rogue DLLs and EXEs, it was not able to completely reverse the damage. Specifically, infected machines (there are about 30 in our company) will cycle infinitely if a reboot is attempted. Also, remote desktop communications, in and out, are damaged by the malware.

WARNING: do not visit the following URLs unless you are ready for a nasty infection!

The site that infected our network was located at: hxxp://www.simetric.co.uk/si_cc2hp.htm which contains an infection script that I think then redirects a hidden browser process to

hxxp://77.221.133.172/.spo/?ab3df1b104a949...aa3d44bc9c1a830

This starts a chain reaction infection that not only infects your machine but also machines on your subnet and adjacent subnets in your network.

If anyone has a way of reverse engineering this or tracking it in a protected environment, that would be great. I really need to know how to fix the damage and make these computers bootable.

Edited by AdvancedSetup
disabled direct links
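One check a responder would want after a report like the one above is a sweep of the web-proxy logs for the indicators the post names, to find every machine on the network that reached them rather than only the ones already showing symptoms. The block below is an added example, not code from the original thread or from Malwarebytes. The only facts it takes from the post are the host name, the IP address and the two URL paths; the proxy-log layout, the field names and the sample log lines are constructed for illustration and are assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators quoted in the post above. These are the only facts taken from
# the page; everything else in this block is an assumption for illustration.
IOC_HOSTS = {"www.simetric.co.uk", "77.221.133.172"}
# Weaker signal: the redirect target path, in case the IP changes but the
# path is reused. Only the prefix is matched, never the query string.
IOC_PATH_PREFIXES = ("/si_cc2hp.htm", "/.spo/")

# Assumed (hypothetical) proxy-log layout:
#   <date> <time> <client-ip> <method> <url> <status>
LOG_LINE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\s*$"
)


def refang(url):
    """Restore the scheme of a defanged hxxp:// URL so it parses normally.

    Indicators are usually shared defanged, as in the post; logs are not.
    """
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def match_ioc(url):
    """Return why a URL matches the post's indicators, or None if it doesn't."""
    try:
        parts = urlsplit(refang(url))
    except ValueError:
        # Malformed URLs (e.g. a bad IPv6 literal) are not a match, not a crash.
        return None
    host = (parts.hostname or "").lower()
    if host in IOC_HOSTS:
        return "host:" + host
    if any(parts.path.startswith(p) for p in IOC_PATH_PREFIXES):
        return "path:" + parts.path
    return None


def sweep(lines):
    """Return (client, url, reason) for every log line touching an indicator.

    A request that failed (e.g. status 404) still counts: the machine tried
    to reach the indicator, which is what matters for containment. Lines that
    do not fit the assumed layout are skipped instead of aborting the sweep.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        reason = match_ioc(m.group("url"))
        if reason:
            hits.append((m.group("client"), m.group("url"), reason))
    return hits


def clients_to_isolate(lines):
    """Distinct client IPs that reached an indicator, in first-seen order."""
    seen = []
    for client, _, _ in sweep(lines):
        if client not in seen:
            seen.append(client)
    return seen


# Constructed sample log lines (not real traffic); dates and client IPs are
# placeholders. The query string on the /.spo/ URL is invented, since the
# post shows that part of the URL truncated.
SAMPLE_LOG = """\
2009-03-02 09:12:01 10.0.4.21 GET http://www.simetric.co.uk/si_cc2hp.htm 200
2009-03-02 09:12:02 10.0.4.21 GET http://77.221.133.172/.spo/?sample 200
2009-03-02 09:12:05 10.0.4.37 GET http://intranet.example/home 200
2009-03-02 09:13:40 10.0.5.8 GET hxxp://77.221.133.172/.spo/?sample 404
garbage line that should be skipped
""".splitlines()

if __name__ == "__main__":
    for client, url, reason in sweep(SAMPLE_LOG):
        print(client, url, reason)
    print("isolate:", clients_to_isolate(SAMPLE_LOG))
```

Feed it the real proxy or DNS log instead of the sample, after adjusting `LOG_LINE` to the actual layout, and the client list is the set of machines to pull off the network and scan before they spread the infection further along the subnet.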

Greetings and welcome to the forum. To get you fixed up please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult. At the very least they can make sure that you did in fact remove the entire infection as well as help you repair that machine, and most likely, if any component of the infection wasn't removed by Malwarebytes' scanner, then the rest of it (discovered by the logs you will post) can be added to the definitions so you can run MBAM on the other machines to get rid of all the nasties. As far as I know Malwarebytes also offers a bulk discount rate (maybe an even cheaper one for businesses); this may help prevent future infections and may be worth looking into. Good luck and safe surfing.
