An ITCSNYC computer security consultant was recently contacted by a law firm where a user was receiving a notice from one of his anti-virus programs (Spybot) stating that the system had been infected by a Trojan horse called Win32.TDSS.rtk. Spybot was finding and removing the malicious code; however, it would show up again during the next virus scan!
This type of behavior indicates that there are multiple copies of the malicious program on the infected computer. Sometimes referred to as a rootkit, this type of malware hides references to itself in several locations, both on the system hard drive and in the Windows registry (the place where Windows stores, along with other information, instructions that are executed each time the computer is booted), so that each time the computer boots the machine is in effect re-infected.
In such a case, all instances of the offending program must be found and removed (prior to reboot) in order to completely remove the threat. For removing these types of recurring malicious programs we recommend a tool called ComboFix.
After downloading and running this tool and following the on-screen directions, the client had removed all instances of the Trojan horse from the system.
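The registry boot-time entries described above are where such a program re-launches itself after each reboot. As an added example that is not part of the original post, the PowerShell script below lists the common Run/RunOnce autostart keys and flags entries whose executable is missing, unsigned, or sitting in a temp or download folder; the key list and the "suspicious directory" list are assumptions chosen for illustration, and the script only reports what it finds, it removes nothing.

```powershell
# Added example (not from the original post): audit common Windows autostart
# registry locations and flag entries worth a closer look. Reports only; removes nothing.

# Autostart keys checked (assumption: a representative set, not an exhaustive list).
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a legitimate autostart entry rarely lives in (assumption used for flagging).
$suspiciousDirs = @($env:TEMP, "$env:LOCALAPPDATA\Temp", "$env:SystemRoot\Temp", "$env:USERPROFILE\Downloads")

function Get-ExePath([string]$command) {
    # Pull the executable out of a command line such as  "C:\x\y.exe" /arg  or  C:\x\y.exe /arg
    if ($command -match '^\s*"([^"]+)"')   { return $matches[1] }
    if ($command -match '^\s*(\S+\.exe)')  { return $matches[1] }
    return ($command -split '\s+')[0]
}

foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $exe   = [Environment]::ExpandEnvironmentVariables((Get-ExePath ([string]$p.Value)))
        $flags = @()
        $exists = Test-Path -LiteralPath $exe
        if (-not $exists) { $flags += 'target missing' }
        foreach ($d in $suspiciousDirs) {
            if ($d -and $exe.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $flags += "in $d" }
        }
        # An invalid/absent Authenticode signature is a second signal to review, not proof of malice.
        if ($exists -and (Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid') { $flags += 'unsigned' }
        [pscustomobject]@{
            Key        = $key
            Name       = $p.Name
            Command    = $p.Value
            Executable = $exe
            Flags      = ($flags -join ', ')
        }
    }
}
```

Pipe the output to `Format-Table -AutoSize` or `Where-Object { $_.Flags }` to see only flagged entries; review each one by hand before deciding anything is malicious.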
More tools like this and we may be out of business!
IT Computer Support NYC