How do I get rid of this malware?

BKDR_SERVU.GY C:\WINDOWS\system32\drivers\etc\ras\SQLsecurity.exe
Here's my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:19:16 AM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\drivers\etc\ras\SQLsecurity.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Milton Wade\Desktop\HijackThis.exe
I got a machine with Windows 2000 with the same files. C:\WINDOWS\system32\drivers\etc\ras\SQLsecurity.exe was an FTP daemon in my case. I advise you to reinstall your OS and, with the firewall enabled, run Windows Update until you receive the message: there are no more updates available (critical). Were you running VNC, OpenSSH or another service?