We were hit by this Trojan at work this week. The IT company we have tried to clean my PC remotely. Next morning it was back. Norton gives a warning but can't cure it. Seems to be blocking IP addies though. Malwarebytes doesn't see it at all. Gmer doesn't see it. Been doing some research online and it appears it hides its encrypted reg settings and does not use any files. Anyway, the IT guy said he reformatted the manager's PC and the infection came back right after he booted up his PC. Is this a new form of Poweliks? And why is there no talk about it here?
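The post above describes an infection that lives only in the registry: an autostart entry that points at no file of its own, keeps its settings encoded, and reappears after the entry is deleted or the machine is rebuilt. The script below is an added example (not from this thread, and not part of Norton, Malwarebytes, Gmer or any other tool named here) of the checks a defender can run over an enumeration of the Run keys: an undisplayable value name, an encoded blob where a command line should be, a command that resolves to no executable on disk, a proxy host launched with arguments, and a diff against a post-rebuild baseline so that a re-appearing entry is caught. Every registry entry, path and the `PRESENT_FILES` stand-in for the filesystem are constructed so the example runs offline on any OS; on a real machine the snapshot would come from the Run keys and `PRESENT_FILES` from `os.path.exists`.

```python
"""Offline checker for registry-resident autostart persistence (added example).

All sample entries, paths and the "present on disk" set below are constructed.
"""
import re
import string
from typing import Dict, List, Optional, Sequence, Set, Tuple

# An autorun entry as returned by an enumeration of the Run keys:
# (registry key path, value name, value data).
Entry = Tuple[str, str, str]

RUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)

# Constructed snapshot: two ordinary entries and two suspicious ones
# (a name starting with the undisplayable byte \x01, and a long
# base64-looking blob stored where a command line belongs).
CURRENT_SNAPSHOT: List[Entry] = [
    (RUN_KEYS[0], "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    (RUN_KEYS[0], "Updater", r"C:\Program Files\Vendor\updater.exe /background"),
    (RUN_KEYS[1], "\x01svc", r"C:\Windows\System32\rundll32.exe something"),
    (RUN_KEYS[1], "Cfg", "dGhpcyBpcyBhIGxvbmcgYmxvYiBvZiBiYXNlNjQgdGV4dCB0aGF0IGxvb2tzIGVuY29kZWQ="),
]
# Constructed baseline, as captured right after the machine was rebuilt.
BASELINE_SNAPSHOT: List[Entry] = CURRENT_SNAPSHOT[:2]

# Stand-in for os.path.exists so the example runs on any OS: the lower-cased
# set of executables "present on disk" on this made-up machine.
PRESENT_FILES: Set[str] = {
    r"c:\windows\system32\securityhealthsystray.exe",
    r"c:\program files\vendor\updater.exe",
    r"c:\windows\system32\rundll32.exe",
}

EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd")
# Host binaries that execute whatever is handed to them rather than code of
# their own; an autorun that starts one of these with arguments needs a look.
PROXY_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "dllhost.exe",
               "powershell.exe", "wscript.exe", "cscript.exe"}
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def executable_from_command(cmd: str) -> Optional[str]:
    """Return the program part of an autorun command line, or None when the
    data does not look like a command at all."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    tokens = cmd.split(" ")
    # Unquoted paths may contain spaces: take the shortest space-delimited
    # prefix that ends in an executable extension.
    for k in range(1, len(tokens) + 1):
        cand = " ".join(tokens[:k])
        if cand.lower().endswith(EXEC_EXT):
            return cand
    return None


def has_unprintable_name(name: str) -> bool:
    """Value names with control or non-ASCII characters are hard to see or
    delete in the usual registry tools."""
    return any(ch not in string.printable for ch in name)


def looks_encoded(data: str, min_len: int = 40) -> bool:
    """A long run of pure base64 or hex where a command line should be."""
    s = data.strip()
    return len(s) >= min_len and (B64_RE.match(s) or HEX_RE.match(s)) is not None


def check_entry(entry: Entry, present: Set[str] = PRESENT_FILES) -> List[str]:
    """Return the reasons an entry deserves review (empty list = clean)."""
    _key, name, data = entry
    reasons: List[str] = []
    if has_unprintable_name(name):
        reasons.append("value name contains unprintable characters")
    if looks_encoded(data):
        reasons.append("value data is an encoded blob")
    exe = executable_from_command(data)
    if exe is None:
        reasons.append("no executable path in value data")
    else:
        if exe.lower() not in present:
            reasons.append(f"executable not on disk: {exe}")
        base = exe.lower().rsplit("\\", 1)[-1]
        if base in PROXY_HOSTS and data.strip() != exe:
            reasons.append(f"proxy host {base} launched with arguments")
    return reasons


def scan(snapshot: Sequence[Entry],
         present: Set[str] = PRESENT_FILES) -> Dict[Tuple[str, str], List[str]]:
    """Map (key, name) to its reasons for every flagged entry in a snapshot."""
    findings: Dict[Tuple[str, str], List[str]] = {}
    for entry in snapshot:
        reasons = check_entry(entry, present)
        if reasons:
            findings[(entry[0], entry[1])] = reasons
    return findings


def diff_autoruns(baseline: Sequence[Entry], current: Sequence[Entry]) -> List[Entry]:
    """Entries present now that were not in the post-rebuild baseline."""
    base = set(baseline)
    return [e for e in current if e not in base]


if __name__ == "__main__":
    for (key, name), reasons in scan(CURRENT_SNAPSHOT).items():
        print(f"{key}\\{name!r}: {'; '.join(reasons)}")
    for key, name, data in diff_autoruns(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT):
        print(f"NEW since baseline: {key}\\{name!r} = {data[:40]}")
```

The baseline diff is the part that answers "it came back after the reformat": a snapshot taken the moment the rebuilt machine first boots, compared again after it has been on the network for a day, shows exactly which autostart entries reappeared, whatever name they hide behind.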
Hi, weird your IT dept can't sort it! A few help www's "appear" to have sorted it for a number of people. As for malware etc interest on here, fings ain't what they used to be?
The IT department needs to reimage your workstation pronto. Also: HIPS-bypassing malware in the wild, hitting a Wilders member, as soon as I start working on my own HIPS project... Go figure.
Try HitmanPro, which recently gained Poweliks detection and removal. Besides the Poweliks infection it will also clean other malware possibly dropping the Poweliks malware. http://www.hitmanpro.com/whatsnew
Sad thing is the IT people are an outside company hired by contract. The manager said he was thinking about finding another company. He strictly said we can't work on our own because we are supposed to be repairing their customers' stuff instead lol. I did it at my last company. At least the IT guy gave me admin rights now so I can dig around myself. As I was leaving work last night, I saw the IT guy working on the manager's PC and just commented, IT IS A NASTY ONE ISN'T IT? and asked what he was doing. That is when he said he was changing the hard drive and not taking any chances. I am sure the manager must have had a few kind words with him after he said he reformatted the drive and it came back. Do you guys think this is one of them hiding on bad sectors meanies?
As a side note, I sneaked and ran Norton Power Eraser yesterday and it finds and deletes the reg entry but lo and behold it comes back. I also ran RogueKiller and it finds and deletes the entry and I even rebooted right away as they recommend but it comes back. Persistent little bugger that is for sure. I think this is a newer strain than what is on those help forums. I will give HitmanPro and ESET a try too. Actually I don't care if I get fired because I am retiring in a few months anyway LOL
So far the ESET cleaning tool seems to have worked. I don't see any new dllhost processes being started and don't see my internet security settings being changed. If anyone else runs into this, you can't download any security programs or exes until you change your internet security settings back to default.
I just checked the Malwarebytes forum and see the removal helpers are getting hammered by this nasty. Tried to post the ESET link to their removal tool but as usual my stuff gets deleted and they just like the punishment of running through the gamut to help fix it lol