Recurring virus infection on a domain workstation

anti-virus, malware, windows 7

One of our users is having a recurring problem with a virus. It has happened to this user on two different machines, in each instance infecting the same program with the same virus.

Malwarebytes detects the malware, and yesterday I cleaned the system. Note that MSE doesn't find anything. Malwarebytes' real-time scanner is running too, but I checked again today and the system is re-infected.

It's a Win 7 Pro SP1 system, it has the latest updates, it's running Windows firewall (as well as being behind a corporate firewall), MSE and MBAM on the system, and still it gets re-infected!

I've scanned the user's network drives in case they're picking it up from there, but so far nothing's been found.

How can I get to the bottom of this recurring virus problem and stop the system from getting infected once and for all?

Best Answer

Trojan.Agent.Gen is a Generic signature. It means that Malwarebytes' heuristics found something, but the application is not sure what it is, so it removes the application only, so any backup or masked copies can still be left on the system. There's even a small chance that this is not a virus at all. If it is a virus, we need to establish a signature first.
Please, kindly do the following:

  1. Scan your PC with a real antivirus engine and post the results. I suggest you use a free utility from Kaspersky, they contain their latest virus definitions and a full scale antivirus engine: http://www.kaspersky.com/virusscanner
  2. Take the file that Malwarebytes found and send it to VirusTotal: https://www.virustotal.com/ Post a link to the results, so I can find a description and give you further advice.
  3. If, for some reason, step 1 doesn't give you any results and you can't find the specific file in step 2, we'll have to do the analysis manually. You'll need to collect an AVZ System Analysis Log. Download the AVZ4 utility http://z-oleg.com/avz4.zip, run standard scripts 1 and 2 and post the results.

P.S. Microsoft Essentials and Malwarebytes are not a substitute for good endpoint security products. They can't handle a lot of viruses because they lack sophisticated security components needed to catch them. If you don't want to run into such problems again, consider buying industry-standard endpoint software from McAfee, Kaspersky or ESET. Especially if you work in an Enterprise environment.
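The answer's point that backup or masked copies can stay behind after the flagged file is removed can be checked directly. The sketch below is an added example, not part of the original answer: it hashes a saved copy of the flagged file and sweeps a directory tree for byte-identical files under other names. The function names and the sample tree are constructed for illustration, and only exact copies are found, so it complements the scans in steps 1 to 3 rather than replacing them.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(sample_path, root):
    """Return (sample digest, other paths under root with identical content)."""
    size = os.path.getsize(sample_path)
    digest = sha256_of(sample_path)
    sample_real = os.path.realpath(sample_path)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) != size:
                    continue  # cheap size filter before hashing
                if os.path.realpath(path) == sample_real:
                    continue  # the sample itself is not a "copy"
                if sha256_of(path) == digest:
                    hits.append(path)
            except OSError:
                continue  # locked or unreadable file: skip, do not abort the sweep
    return digest, sorted(hits)


def demo():
    """Constructed tree: a flagged file, a renamed copy, a same-size decoy."""
    root = tempfile.mkdtemp()
    payload = b"constructed sample bytes, not real malware"
    os.makedirs(os.path.join(root, "sub"))
    layout = {"flagged.exe": payload, "sub/update.tmp": payload,
              "sub/readme.txt": b"x" * len(payload), "notes.txt": b"short"}
    for rel, data in layout.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as f:
            f.write(data)
    digest, hits = find_copies(os.path.join(root, "flagged.exe"), root)
    return digest, [os.path.relpath(p, root).replace(os.sep, "/") for p in hits]


if __name__ == "__main__":
    print(demo())
```

The returned SHA-256 digest can also be searched on VirusTotal before uploading the file itself.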
