Need help with this one. I installed CIS 8 after the machine got infected (by email).
It doesn’t detect any viruses, but MBAM did catch a few.
The problem is that although I cleaned a few exe files, the problem is coming from svchost, which is trusted. I can see it connecting to a number of different malicious IP addresses (botnet).
How can I clean this? Deleting svchost will obviously cause some major problems.
We cleaned those and blocked the known IPs it seemed to be connecting to. I have not seen any activity yet, so it might be okay. I am still worried that it may have replaced legitimate processes.
*Note - I have uploaded the listed executables to Comodo so hopefully they are added to the database as they currently go undetected.