virus looks like bugbear

[timotep]

Hi,

We have big problem since two days. We are infected on about 100 computers with virus that has same symptom that bugbear. Antivirus trend detect a problem (a .bat) but virus is active.
I think there is two viruses :
We see
- c:\windows\system32\update.2.exe not normal.
- c:\users\username\appdata\randomname\randomname.exe that is created all the time even if erased.
- We deleted all files, but later, files were again here.
- I don't find any informations about delete viruses easily, with patch ?? or script vbs ??

Anyone can help me ? Our servers are infected also, I think a computer with rights on c: is infected and copy files...
Can you help me ?

[essexboy]

On the main computer with admin rights

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post  both logs