Virus in store computer??

wonderbee

Hey, I need some help!! Our computer at one of our business locations is acting super crazy. We definitely had a few viruses which according to our anti-virus got deleted, but there are still some strange things going on. Someone hacked our computer I believe because no one has claimed to download anything or visit any strange sites. The person had access to our full system as they had made four different Microsoft accounts all locked with passwords; we had to boot into safe mode and erase them.

So according to the anti-virus we had a few Trojans, tracking cookies, malware, and **** load of other crap, but it deleted it ... we however have weird **** going on. Our command prompt pops up every time we open and gives us these strange logs, or at least they seem strange to me as they did not pop up before; I attached a couple of pics of what it says.

We are running Windows XP btw, so that might have to do with it ... and we have the internet connected directly to the PC, it doesn't run through a modem because ours got bricked somehow, which by the way was at the same time our computer went crazy.

Does anybody know if the logs in the CP are normal??? Or any idea as to if it is possible that the person, virus or whatever, still has access to our computer even though I've scanned it like 5 times with Norton and it says it is squeaky clean?? Because before they had access to EVERYTHING in our PC, they made changes only an admin account can. Thanks!!
 

Attachments

  • comand promt.jpg
  • comand propt.jpg

Looks like there's a backdoor open still and there's scripts automatically running FTP requests to download malware.

Firstly, you really should be getting off of XP because it is End of Life and no longer receiving security updates. Does your company's software work on Windows 7? If so, you should be migrating over. You could get 1 Win7 system set up and test all of your software on it to make sure it all works properly, and then migrate the rest of the systems over to Win7 once you find settings that work. It can be an expensive upgrade...but a necessary one for businesses IMO.

Secondly... ditch Norton as your AV. Since you're running in a business you'll have to go with a commercial solution so you're not violating any TOS's... so something like Eset, Kaspersky, or BitDefender will do much better.

Thirdly... we need to get rid of this malware still so you can actually do the 2 above things.

One thing you can check right away is check for a proxy setting:
Control Panel -> Internet Options -> Connections tab -> LAN Settings... -> uncheck the "Proxy" checkbox if it is checked.

Download Malwarebytes Antimalware for this system and run a full scan. Delete anything it finds and post the log here.

Next, get HiJackThis: HiJackThis | Free software downloads at SourceForge.net
Run it and post the logfile here (DO NOT REMOVE ANYTHING UNLESS TOLD TO!)

Go to Start -> Run.... -> Type in: msconfig
Hit OK and go to the Startup tab and post a screenshot of everything in that list; it's possible the FTP script is getting run on startup like that (or possibly as a scheduled task?)

Speaking of scheduled tasks... go to: Control Panel -> Scheduled Tasks -> post a screenshot of the scheduled tasks.

After that, download AdwCleaner: AdwCleaner Download
But do not run it yet. We will run MBAM and HJT first and see what they turn up with.
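
The three manual checks requested in the reply above (proxy setting, startup entries, scheduled tasks) can be gathered into one read-only text report. This is an added example, not part of the original reply; the report file name and the Windows XP folder locations it lists are assumptions.

```batch
@echo off
rem Added example (not from the thread). Read-only: it only queries and lists.
rem Assumptions: report name/location is hypothetical; folder paths are the
rem Windows XP defaults for the per-user and all-users Startup folders.
setlocal
set "OUT=%USERPROFILE%\Desktop\triage_report.txt"
set "IS=HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

> "%OUT%" echo Triage report for %COMPUTERNAME% - %DATE% %TIME%

rem 1. Proxy check (same setting as Internet Options, LAN Settings)
>> "%OUT%" echo.
>> "%OUT%" echo === Proxy settings: ProxyEnable 0x1 means a proxy is configured ===
reg query "%IS%" /v ProxyEnable >> "%OUT%" 2>&1
reg query "%IS%" /v ProxyServer >> "%OUT%" 2>&1

rem 2. Startup entries (what the msconfig Startup tab shows)
>> "%OUT%" echo.
>> "%OUT%" echo === Registry Run and RunOnce keys ===
for %%K in (HKLM HKCU) do (
  for %%S in (Run RunOnce) do (
    >> "%OUT%" echo --- %%K\...\%%S ---
    reg query "%%K\Software\Microsoft\Windows\CurrentVersion\%%S" >> "%OUT%" 2>&1
  )
)
>> "%OUT%" echo.
>> "%OUT%" echo === Startup folders ===
dir /a /b "%USERPROFILE%\Start Menu\Programs\Startup" >> "%OUT%" 2>&1
dir /a /b "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" >> "%OUT%" 2>&1

rem 3. Scheduled tasks; the Tasks folder listing is a fallback if schtasks fails
>> "%OUT%" echo.
>> "%OUT%" echo === Scheduled tasks ===
schtasks /query /fo LIST /v >> "%OUT%" 2>&1
dir /a /b "%windir%\Tasks" >> "%OUT%" 2>&1

rem 4. Pull out every collected line that mentions ftp, with its line number.
rem    Search first, then write the heading, so the heading does not match itself.
findstr /i /n "ftp" "%OUT%" > "%OUT%.tmp"
>> "%OUT%" echo.
>> "%OUT%" echo === Collected lines that mention ftp ===
type "%OUT%.tmp" >> "%OUT%"
del "%OUT%.tmp"

echo Report written to %OUT%
endlocal
```

Errors such as a missing key or folder are captured in the report rather than stopping the script, so an empty section is itself a result worth posting.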
 
Oh that's a very serious issue. I think before installing any software make sure that your computer is virus free and install antivirus software.
 