dhcpclient.exe

A few days ago our Marketing head came in with a laptop problem. Needless to say he plugged his machine into our network and something called dhcpclient.exe was created on one of our machines running Windows 2000 Server, in the windows system 32 folder, though this one doesn't act as a server and seems to just be isolated to that machine alone. When connected to our network, it floods it with unessacary traffic and slows everything down. As long as it's unlpuggd life is good. It seems that it also only targeted Windows 2000 Server, because the rest of the machines on that network run XP and two others run plain old 2000. Mcaffee Enterprise 7 didn't find anything, TDS 3 didn't find anything either, nor did Spybot or Adaware. I haven't loaded any other of the free Avs yet, because updating them would require connecting it to a connection, which would not be good. So, has anyone seen this thing before, and does anyone know of any free tools like stinger or something I can run to remove it?

Oh, to top it off, I booted it and safe mode and tried to re-name the file, but it wouldn't even let me do that....

Any help would be greatly appreciated.

Thanks

 

Here is a little information on what it could be from Symantec:

http://securityresponse.symantec.com/avcenter/venc/data/w32.toxbot.html

I hope this helps

 

Hey thanks man, that really helped. I guess looking at the date shows that it's relatively new and would explain why Mcafee hadn't grabbed it just yet....

 

Always glad to help.

I hope you are able to get it cleaned