I am in the unfortunate position to have to remove soxpeca and everything that comes with it, because the infected machine is a Windows 2000 domain controller and cannot be "quickly formatted". I have found a post that started promising, but then was closed. Please - could anyone guide me through this?
Thanks.
This is what I have tried so far. I am sure you can see what it means... I was able to kill all processes, and manually remove the services from the registry, but after a reboot they were all back plus c:\winnt\system32\udxfytw.exe appeared... After I killed all processes I wanted to delete the files, but although I am domain admin, Windows tells me I am not allowed to delete them. Taking ownership and altering the access rights didn't help... I couldn't identify the process that reinstalls all of them again...
kill -f 3356
del c:\winnt\system32\soxpeca.exe
del c:\winnt\system32\afisicx.exe
kill -f 1800
del c:\winnt\system32\mabidwe.exe
del c:\winnt\system32\noytcyr.exe
del c:\winnt\system32\roytctm.exe
del c:\winnt\system32\tdydowkc.exe
del c:\winnt\system32\wsldoekd.exe
del c:\winnt\system32\udxfytw.exe
ren c:\winnt\system32\mscfco.exe *.exi