LandzDown Forum

Recently, some computers where I work were hijacked by something called Anti-Spy Spider.  It seems more like a Root kit because its compromised almost all of the security on the computers and our enterprise version of Sophos cant even detect it.  Its changed the desktop background and screen saver and als9o has a web page that it pulls from C:\WINDOWS whenever we try to open IE with the icon.

It brings up fake Security center pages as well claiming that the computer has become infected.

It might also have infected our network, Google has been throwing out "You network could be infected" messaged when attempting to search with it.

We are probably just going to re-image them, but I was wondering, that if it had somehow infected the network somehow, how we could go about exterminating it. 

We are probably just going to re-image them, but I was wondering, that if it had somehow infected the network somehow, how we could go about exterminating it. 

If the server is infected, re-image may only be a temporary fix, it could possibly become reinfected if you have Workstations infected as well.

Time to re-image will require a server shutdown. As well the workstations need to be checked to insure that there clean. I would think about shutting down the routing services to the workstations, check that the server is clean. Then check each workstation, even on re-image of the server, each workstation would still need to be checked, to be sure of no reinfection of the servers. It may be possible to push the cleanup from the server to the workstations.

Either way it will require some time. It is also Dependant of distance of the servers, from the workstations. 

Have you checked with Sophos, to see if they have a fix?

he took the computers off the network and scanned all 8 of the servers on that site with malewarebytes, didnt find anything on them and they werent displaying any weirdness on their windows installs.

We are going to just re-image them later on this month along with that site's computers.