Jim K – virus

Downloader – c:\Windows\system32\digiwet.dll
Symantec Endpoint Protection is throwing blocks
System Restore to prior week – successful
SEP found digiwet but could not delete it.
Attach infected drive to a different machine as F: and run a scan – found nothing!?!
Make infected user an admin on the diff machine, log in as him
Renamed digiwet.dll to .rob and scan the F: drive
Found and quarantined three files
Downloader – A0035659.exe
Downloader – A0132009.dll
Downloader – wJQs.exe
Downloader – jkelly.exe
Scan again
Back in the infected machine: safe mode, msconfig, then examine and clean the registry
Test as user
Delete Internet Data and purge Restore Points
Remove user from Local Admin Group
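Added example (my script, not part of the original notes): the offline-drive steps above, done from a PowerShell prompt on the clean machine. Assumes the infected drive is attached as F: (the letter from the notes), the suspect file name digiwet.dll is the one from the notes, the hive alias OfflineSW is a name chosen here, and the prompt is elevated (reg.exe load needs admin). The Run, RunOnce and AppInit_DLLs locations are the standard Windows autostart points; the SHA256 values it prints are what to hand to ThreatExpert or Symantec instead of the file itself.

```powershell
# Offline triage of a drive attached to a clean machine.
# $Drive and $Suspect are assumptions taken from the notes above; OfflineSW is an
# arbitrary alias for the loaded hive.
param(
    [string]$Drive   = 'F:',
    [string]$Suspect = 'digiwet.dll'
)

# 1. Find every copy of the suspect file, including copies inside
#    System Volume Information (the restore points that get purged later),
#    and hash each one for submission.
$hits = Get-ChildItem -Path "$Drive\" -Recurse -Force -Filter $Suspect -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName
            Size   = $_.Length
            SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

# 2. Load the offline SOFTWARE hive so the autostart keys can be read without
#    booting the infected system (this is the "examine the registry" step).
$hive = "$Drive\Windows\System32\config\SOFTWARE"
reg.exe load HKLM\OfflineSW $hive | Out-Null
try {
    $pattern = [regex]::Escape($Suspect)
    $runKeys = @(
        'HKLM:\OfflineSW\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\OfflineSW\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                # Skip the provider's own PS* metadata properties
                if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match $pattern) {
                    Write-Output "Autostart entry referencing ${Suspect}: $key\$($p.Name) = $($p.Value)"
                }
            }
        }
    }
    # AppInit_DLLs is another place a DLL gets registered to load into every process
    $win = Get-ItemProperty -Path 'HKLM:\OfflineSW\Microsoft\Windows NT\CurrentVersion\Windows' -ErrorAction SilentlyContinue
    if ($win -and "$($win.AppInit_DLLs)" -match $pattern) {
        Write-Output "AppInit_DLLs references ${Suspect}: $($win.AppInit_DLLs)"
    }
}
finally {
    # Drop handles so the hive can be unloaded cleanly, then unload it
    [gc]::Collect()
    reg.exe unload HKLM\OfflineSW | Out-Null
}

# 3. Report the file hits (path, size, SHA256)
$hits | Format-Table -AutoSize
```

Run it before renaming the DLL so the hashes match what the scanner saw; if a Run or AppInit_DLLs entry turns up, that is the value to delete in the registry cleanup step rather than hunting through msconfig by eye.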

Symantec Threat Explorer – no help

ThreatExpert reports Trojan Downloader

