Even computer consultants and IT managers occasionally end up getting infected with a nasty virus, malware, or Trojan.
Such was the case for this IT guy! I write this post in the hope that it might help someone else who has come in contact with a nasty Trojan, specifically TROJAN:JS/SEEDABUTOR.B. Full disclosure: I am still not positive that the actual infection was this particular Trojan, as Microsoft Security Essentials reported two different variants.
I am fairly certain as to where the infection came from. In short, it was from an email that I sent to myself from a client's computer that was having issues with sending email. I had first run a complete scan on the client's computer using Microsoft Security Scanner and Malwarebytes, and both programs showed no infections. It wasn't until a FULL SCAN was run that the infection became apparent.
Word to the wise, and my own advice that I didn't follow: always run these scan tools in SAFE MODE and as a FULL SCAN, not a Quick Scan.
Running a FULL SCAN did show that the client's computer was infected. I was able to remove the infection, and all was good on the client's computer.

My main workstation, which had received the client's test email, had become infected. Approximately a day later, Microsoft Security Essentials warned me of the infection and stated that it had been quarantined. I rebooted in SAFE MODE, ran the removal tools, and thought that was the end of it. Well, it definitely was not the end of this Trojan. It came back with a vengeance! My RAID drive system was badly infected.

As many scans as I ran, I could not remove this infection. Virus removal tools, modifying the registry, etc. all failed. I spent almost an entire day researching this strain and the tools needed. My first indication that I might be in trouble came when I stumbled across an article from a user who had been infected with this strain. The final solution for them was to wipe the drive, format, and reload. Ugh!

I ended up reinstalling Windows 7 on the same drive, but did not format the drive first. As you probably guessed, the infection was detected again two days later by Microsoft Security Essentials. This time the scanner was only detecting the infected files; the actual infection had not spread to the registry or the OS memory.
The solution: I ended up booting the system into UBUNTU. Microsoft Security Essentials had given me enough information to know that the infection was located in a hidden folder on the root of the hard drive. Once I booted into UBUNTU, I deleted that folder. Deleting the folder took 32 hours!!! There were a total of 45 gigabytes and millions of files that the virus had created inside this folder.
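The Ubuntu-side cleanup described above, written out as an added example that is not part of the original post and not the author's own commands: a few POSIX shell functions that rank the top-level directories of a mounted Windows volume by file count (so a million-file dropper folder stands out even when you don't know its name), count the files and bytes in it, keep SHA-256 hashes of a sample of the files before anything is destroyed, and then remove the tree with GNU find's -delete. The mount point and the directory name are assumptions supplied by the caller (the post never names the folder); the directory tree used to exercise the functions is constructed in the test, not taken from the infected machine.

```shell
#!/bin/sh
# Added example, not the author's own commands: triage and removal of a
# directory full of dropped files from an Ubuntu live session.
# Assumptions (hypothetical): the Windows volume is mounted at a caller-
# supplied mount point, and the directory flagged by the AV scanner is
# passed in by name; the post does not give the folder's name.
# Requires GNU findutils (-printf), as shipped with Ubuntu.
set -u

# Number of regular files under a directory (one '.' per file, counted).
count_files() {
    find "$1" -type f -printf '.' | wc -c
}

# Total size in bytes of the regular files under a directory.
total_bytes() {
    find "$1" -type f -printf '%s\n' | awk '{ s += $1 } END { print s + 0 }'
}

# Rank the top-level directories of a mount point by file count, largest
# first, including dot-directories. A 45 GB, million-file dropper folder
# lands at the top without knowing its name in advance.
rank_dirs() {
    for d in "$1"/*/ "$1"/.*/; do
        case "$d" in */./|*/../) continue ;; esac
        [ -d "$d" ] || continue
        printf '%s %s\n' "$(count_files "$d")" "${d%/}"
    done | sort -rn
}

# Keep SHA-256 hashes of up to N files before wiping the tree so a sample
# survives for later analysis or AV submission. Prints the number of
# hashes written. (Filenames containing newlines are not handled.)
sample_hashes() {
    find "$1" -type f | head -n "$2" | while IFS= read -r f; do
        sha256sum "$f"
    done > "$3"
    wc -l < "$3"
}

# Remove the whole tree. find -delete unlinks entries as it walks,
# depth-first, without spawning rm per file or building a huge argv.
# Succeeds only if the directory is gone afterwards.
purge_dir() {
    find "$1" -depth -delete
    [ ! -e "$1" ]
}

# Typical order on a live system (hypothetical paths):
#   rank_dirs /mnt/win                       # spot the bloated directory
#   count_files /mnt/win/NAME; total_bytes /mnt/win/NAME
#   sample_hashes /mnt/win/NAME 50 /tmp/sample.sha256
#   purge_dir /mnt/win/NAME
```

Do the ranking, counting, and hashing with the NTFS volume mounted read-only (mount -o ro) so nothing on the infected disk is touched until you have decided what to remove, write the hash file to the live session's own storage rather than the infected volume, and only then remount read-write and call purge_dir. Deleting millions of small files through ntfs-3g is slow whatever tool you use; the gain from find -delete over rm -r is that it never has to assemble the file list in memory first.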
After successfully deleting this Trojan (32 hours later!), I re-scanned the system using the above-mentioned tools.