0

Possible Duplicate:
What to do if my computer is infected by a virus or a malware?

A vista laptop I have been asked to take a look at is exhibiting virus-like behaviour.

When Internet Explorer is open, every ten minutes a new command window opens up with nothing in it. It is a random (increasing digit) exe file which is stored in users/appdata/local/temp

I installed and ran a MalwareBytes AntiMalware full scan and updated and then ran a full McAfee scan. Neither of these showed anything, nor did they delete the executable files.

I looked at the netstat output and nothing showed up out of the ordinary and there were no services running that appeared dubious.

The machine had the full McAfee package on so I would have thought that something "like this" shouldn't have got on to the machine.

It isn't my laptop and I no longer have access to it. My advice was that the machine needs a full format & re-install of windows.

What other approach could I have taken or what other procedures should I have tried?

Community
  • 1
PhillC
  • 173

3 Answers3

6

Usually it is indeed the best idea to reinstall the system as it has lost status of trust and there is no easy way to confirm the system is no longer corupted even after removing some of the malware.

If there where preparations made for such case like taking checksums of trusted states that are compared on a regular basis with the running system you could maybe evaluate such a check and return to a trusted state.

matthias krull
  • 2,674
3

You could do an offline scan: pull the hdd out of the laptop and mount it to another system with an external USB enclosure and scan it that way. Could be a rootkit hiding itself that may not be detectable when the system is up and running.

gravyface
  • 1,264
1

Maybe try turning off all IE plugins and see if it continues.

Alan B
  • 1,305