Subject: Howto detect and remove
Posted by: Milos Puchta (puch…@fel.cvut.cz)
Date: Mon, 23 Mar 2009

I have a W2K3 (R2 SP2) Active Directory network
with ISA Server 2006 at the edge. Most computers
use Avast AV.
I have monitored attempts to connect from an inside server
to foreign servers; in this case it is a medical network in
California. I could not fully analyze the process, as it
appears for only a short time. To give precise data, the
unwanted process tried, with robin-like behaviour, to
connect to several servers from network 220.127.116.11
The servers run a 64-bit operating system and I could not
use RootkitRevealer. Because installing
ProcessExplorer with Symbols takes more time
than the activity of that "beast", I have no trace...
What do you recommend to recover the system back
to a safe default?