Jump to content

Recommended Posts

I have two Windows 2003 Servers infected with bloodhound.exploit.343 quite badly. I have spend hours trying to remove it now and I really need help. I have been using Malwarebytes as well as Symantec Endpoint 11. The same three infections keep coming back.

Basically Malwarebytes will find the same exact infections over and over again even though I do the delete and restart at the end of the scan. The files it keep finding are all setup50045.fon files. They are always in the same location and always the same ones. When I search for the files and manually go to where they should be, they are never there. I delete the files from quarantine and they come back again when I do another scan.

Symantec finds two other types of files over and over. They are bloodhound.exploit.343 and W32.SillyFDC.BDP. They appear in quarantine usually after I restart the server to conclude the Malwarebytes scan. I delete the files from quarantine each time but they come back as well.

I have done manual searches for .lnk files as suggested in other posts on the internet. Only once did I actually find any .lnk files and I manually deleted them. Since then the searches never find any even though the infection still exists. I have tried rkill before running scans as well. Nothing seems to work. The only thing I have not tried is booting into safe mode and this is simply because I'm not at the same location as the servers and I am using Microsoft Remote Desktop to do all this.

Any one have any ideas??? I'm really at my wits end here.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Is this a corporate computer? If not, please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply.

Link to post
Share on other sites

  • 5 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.