i have a problem with a user who recently was infected with nemucod. i have run many anti (everything) and the system comes up clean. the problems are that when the computer starts IE also starts, and equally troublesome is that when i right click any application or file i get an termination message from hitman pro stating that it has terminated explorer 6.1 to stop it from doing something malicious.
here is the path it seems intent on getting at:
\\"server"\"serverdata"\virtualclonedrive\elbyvcdshell.dll
it give this process trace:
1 c:\windows\explorer.exe (4364)
explorer.exe
2 c:\windows\system32\winlogon.exe (4284)
winlogon.exe
3 c:\windows\system32\smss.exe (896)
\systemroot\system32\smss.exe 00000000 00000048
i can only think of wiping the system. any help would be appreciated.