Weird Security Incident, Please help!!!

Discussion in 'malware problems & news' started by dump2sia, Oct 22, 2009.

Thread Status:
Not open for further replies.
  1. dump2sia

    dump2sia Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    1
    Hi,

    I have a weird issue that's going on in the network. Some of the Windows XP machines are either infected or affected by this problem. I can't call it a virus because there is nothing on Symantec's website or on the internet, or maybe I haven't looked hard enough... but right now I am desperate; more and more PCs are getting this. The symptoms are as follows:

    Unknown folders created in C drive - named as X or multiple "X" - the contents are randomly picked up from other folders on the machine, e.g. i386

    Outlook gives an error message and when Outlook is restarted it will not link to the pst file due to insufficient rights

    Applications uninstall by themselves, including Symantec Endpoint Security 11, Oracle client, Avaya IP Softphone, etc.

    PC does not boot up because the system folder is missing or the files in the system folder are missing - data is still intact

    We have Symantec Endpoint Protection Manager as the AV server. Nothing is reported; the PCs affected do not show any sort of virus attack or such. I am baffled... Has anyone come across this kind of situation?

    What should I do next? We had scanned the infected PCs' hard disks using the latest Symantec & McAfee anti-virus by attaching the hard disk as a USB drive on a clean PC. Also ran a number of anti-rootkit tools but... ;(

    I'm not sure whether this is an insider job - sabotaging our IT system. Are there any tools I can use or any logs I should be looking at now? I had checked Windows Event Viewer but cannot find anything that is suspicious.
     
  2. Togg

    Togg Registered Member

    Joined:
    Jun 24, 2003
    Posts:
    177
    I don't have any sort of expertise with network admin etc. but it seems you may need some specialist tools.

    Have a look at the Sans.org site, which is maintained by, and for, network security admins; https://www.sans.org/security-resources.php (the Internet Storm Center is very interesting).
     
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie