11-22-2008 04:09 PM - edited 11-22-2008 04:26 PM
I have discovered that our network at our store has become infected with a trojan horse named system.exe. It starts a process called system at boot up, even in Safe Mode, and if you attempt to stop or close it, it will reboot the PC. To make matters worse, it broadcasts over your network, wired or wireless. It sits in HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/HBSecure32 (value is SYSTEM.EXE with no path). When you attempt to delete or modify it, I assume the process named "system" in Task Manager adds a new one. I installed NIS 2009 on this machine and it found several other dangerous spyware and trojans but failed to remove the one (SYSTEM.EXE) which is broadcasting and infecting all other PCs. If anyone has any suggestions it would be greatly appreciated.
Matt
11-22-2008 04:42 PM
sannmateo wrote: I have discovered that our network at our store has become infected with a trojan horse named system.exe. It starts a process called system at boot up, even in Safe Mode, and if you attempt to stop or close it, it will reboot the PC. To make matters worse, it broadcasts over your network, wired or wireless. It sits in HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/HBSecure32 (value is SYSTEM.EXE with no path). When you attempt to delete or modify it, I assume the process named "system" in Task Manager adds a new one. I installed NIS 2009 on this machine and it found several other dangerous spyware and trojans but failed to remove the one (SYSTEM.EXE) which is broadcasting and infecting all other PCs. If anyone has any suggestions it would be greatly appreciated.
Matt
Matt, this is a scary one.
Read this page and see if any of it is of help to you - it might be outdated by some new variant: Mitglieder.
Symantec has a product that runs at power-on which is free for NIS 2009 users (and I think for NAV 2009 users). It's called Norton Recovery Disk and runs a full system scan at power-on, updating its virus sigs then. You can get it at NRD; make sure you read the instructions carefully. The disk does not use any of your system files, so it can run without contamination and will not be prevented from deleting anything. I would suggest using a friend's or other computer to get and burn this to a CD. Power on with the CD in the drive, launch it, use it (you will need your NIS or NAV activation key to proceed), boot to Safe Mode (with network/internet access) and follow the rest of the procedure in the link I posted above. Also, download Malwarebytes from malwarebytes.com and use it in Safe Mode.
Good luck,
11-22-2008 04:51 PM
Hi
The Trojan you are talking about is "Infostealer.Hibik.A"
Turn off System Restore, as there could be a backup in the restore points.
You can use "HijackThis" and remove the entry that has the file run on PC startup. Look at the list in the O4 section for the registry entry that belongs to this:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
You could also use "regedit" to navigate to and delete these entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\H
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
If you find that the registry entries are locked so you can't delete them (error message), select the entry, right-click, select Permissions, give Full Control, and then try to delete.
Now download Malwarebytes Anti-Malware, update it, then do a full scan: http://www.malwarebytes.org/mbam.php
Quads
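The Run-key entry described in this thread (name HBSecure32, value SYSTEM.EXE with no path) can be audited offline from a `reg export` of the key. The script below is an added example, not code from this thread or from any of the tools named in it; it parses a constructed .reg export and flags Run values that carry no directory or reuse a core Windows process name. The sample entries and the watch list are assumptions.

```python
import re

# Constructed sample of a `reg export` of the Run key: the entry the thread
# describes next to two ordinary ones. Real exports are UTF-16LE; decode first.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HBSecure32"="SYSTEM.EXE"
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
# Core Windows process names that malware imitates (assumed watch list).
SYSTEM_LOOKALIKES = {"system", "svchost", "csrss", "lsass", "winlogon", "smss"}

def parse_reg(text):
    """Return {(key, value_name): value} for the REG_SZ entries of a .reg export."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)):
            # .reg escapes backslashes and quotes with a backslash; undo that.
            name, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            entries[(key, name)] = value
    return entries

def executable_of(command):
    """Executable part of a Run value: the quoted path, or the first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split(" ", 1)[0]

def suspicious_run_entries(text):
    """Flag Run entries launched without a directory or named like a system process."""
    findings = []
    for (key, name), value in parse_reg(text).items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        exe = executable_of(value)
        stem = exe.rsplit("\\", 1)[-1].lower().removesuffix(".exe")
        reasons = []
        if "\\" not in exe:
            reasons.append("no path (resolved through the search order)")
        if stem in SYSTEM_LOOKALIKES and "\\system32\\" not in exe.lower():
            reasons.append("named like a Windows system process")
        if reasons:
            findings.append((name, value, reasons))
    return findings
```

Running `suspicious_run_entries(SAMPLE_REG)` reports only HBSecure32, with both reasons, while the two entries that point at a real path are left alone.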
11-22-2008 05:11 PM
11-23-2008 06:55 AM
