Has anyone heard of or been infected with the virus MALZER.EXE? My network has been infected and within an hour of removing the virus it comes back up. The virus has been replicating itself throughout the workstations on the network and is now starting to infect the file servers. Any help on this would be great.
Who is your AV vendor? It's best to ring them directly with this issue, as they may have steps to stop the infection from propagating again once you have cleaned the systems. If they haven't even got IDEs or anything for it, then send them a copy and I am sure they will work to write something for ya.
Sorry, but I have never come across this one, and it seems that it's relatively new since Google doesn't pick much up on it either.
Also, prior to doing smurf's advice you could, for the meantime, disconnect the infected workstations from the network to prevent further infection to other hosts. It is best, when removing viruses, malware, trojans, etc. from an infected PC, to disconnect it from the network and isolate it from the rest.
Check the following:
- task manager
- documents and settings/temporary folders (hidden)
- system folders
for any suspicious and unwanted files/folders/applications
Great advice, Jhun. Hopefully that will help to stop it propagating through the network as much.
I was thinking last night as I was nodding off (sad, I know): why is this propagating like it is? Can you confirm that your machines are all fully patched?
When Blaster (and its variants) hit, the main reason for this was an unpatched vulnerability which allowed the Windows shares to be accessed. Something similar must be happening here if it's spreading across the network, so I would also ensure that your machines are patched, as this could be the reason why they are getting re-infected.
For the meantime, disconnect the infected workstations from the network to prevent further infection to other hosts. It is best, when removing viruses, malware, trojans, etc. from an infected PC, to disconnect it from the network and isolate it from the rest.
Follow what Jhun had suggested.
Have you tried HijackThis? It is very effective in removing malware entries, but be careful in using it, as you might remove legitimate entries. Or post the HijackThis scan result here so we can see.
Use Ad-Aware from Lavasoft.
Or find another PC which you find free from viruses, connect the hard disk of the infected PC to it, then boot the PC (but be sure you are booting from the virus-free hard disk), then run a scan.