New trojan removal please help

rdyrdr
Joined: 2011/05/23

At my job we've been getting some viruses that look a lot alike but always different. Various software that I scan with calls it a trojan. It may be a rootkit as well but rootkit scanners never find anything.

It looks like a process running with a name like an IP address, numbers and periods. You can find some files with similar name and naming scheme in app data and temp files. Anything you do in Windows is completely ineffective. No task killer, file unlocker, module tracer etc. works.

I've used a lot of preboot tools and you can delete the files, and rather trickily I find a Microsoft verified service in startup. However nothing I do works. On every boot the process is still there and variations of the files in app data are regenerated. Sometimes I'm able to see that the service that WAS associated with it is no longer running and hasn't been replaced with something else. But I'm unable still to find the right way to clean these systems. Things like restores, in-place installs etc. don't fix it. So I end up formatting so I don't waste more time.

A lot of tools I use seem to only ever find part of the virus. Some app files but not the temp ones or vice versa or just the service.

One of the computers I put a crazy amount of effort into because we were slow. Seems at some point after failed cleaning it does begin to disable antivirus protection or installation and later internet. Eventually it appeared that the Microsoft Security Essentials that was already on it was a part of the virus itself. I thought the system had finally been cured and the moment I clicked MSE bam. Noticed that the .exe's for MSE all had the blank icon look and were unable to be deleted.

I'm assuming I'm missing some startup entry or service somewhere but seem to be unable to weed out that last trace. Any suggestions or tools, I'd appreciate it :)