Possible infection, with odd list of running processes
Good afternoon everone,
I've got a remote "super user" who managed to sneak her infected machine on the network, and suddenly, I know exactly which machines got overlooked during the last security scan.
All but one have been cleaned up, but the remaining infected machine is proving to be a tough nut to crack. I've run Sophos and Trend Micro AV against in, followed by a few rounds of AdAware and SpyBot, mixed in with a little CWEBSHREADER. The problems are still there however, and I have identified the following list of files that seem a bit suspicious.
svchosting.exe
command.eve
wserv32.exe
x.bat
yea.reg
staff.html
According to the searches I've done, these files all belong to a number of different (old) virus variants, but I can't seem to find anything that leaves all of the above.
Any thoughts?