John Bartow
john at winhaven.net
Fri Oct 30 10:06:19 CDT 2009
Hi Jim,

Holy crap! I haven't seen anything that extreme. If all the stations were the same hardware, it may have been a system update. I've had the reboot cycle happen to a couple of PCs because of that. Although having all the same hardware in one office sounds great, maybe that's a drawback and I should feel lucky I have to work on such menageries of equipment ;o)

If it was malicious software then it sounds like Vipre caught part of it (probably a rootkit) and disabled it but missed another dependent part, or the malware damaged some part of the Windows startup system. If it is Vipre Enterprise, the malware detections would be listed in the server's history/quarantine. I have mine set to not announce anything to the user but to email the office administrator. I suggest contacting Sunbelt immediately upon issues like this.

Of course, if you have an imaging server system set up, the easiest way to get back up is to reimage all of the stations.

In the meantime I'd dismount one of the stations' hard drives and attach and scan it with a "cleaning" machine loaded with Malwarebytes, AntiVir, Stinger, Rootkit Revealer and any other anti-malware products you have confidence in. (I install them without active protection type services running.) Once done, I remount the HD and start in safe mode. Using Autoruns I would disable all unnecessary startups and services. Run a deep scan with Vipre in safe mode to clean the registry. (If this is Vipre Enterprise and the agent's options did not include these abilities via the GUI, there are command line options available.)

If you copy the logs or zip the quarantine files from the other anti-malware products you can submit them to Sunbelt via their support page. They evaluate these and add them to their detections.

BTW, were these PCs, terminal server stations or what? Odd that the server didn't get hit at all. I'd be very suspicious of that. What security software was on the server?

Arg, these malware programmers are getting far too good at what they do. Best of luck in resolving it.