I recently discovered this after a badly infected machine on the same network was pulled out of service. The infected box had read only access to a file share on the Dual P3 server. The server is running W2K3sp2 and IE7 5730.13 and no has no additional security updates. I took the infected box out of service when I discovered that wmsyspr9.sys had wormed its way onto the server %windir%. I removed the wmsyspr9.prx from the server and the scans looked clean but the server was running a little slow so I started poking around and discovered that the .dat files now had this curious file type designation. I tried to change it in my "tools:folder options: file type" but the edits are ignored. I have some scan logs ready to post but I thought there might be a less intensive remedy :)

Please feel free to move this thread.

Hello.

This forum is set up to assist single PC users, what environment is this server in?

Cheers.

Thanks for responding. The server is on a private network with only the router doing DHCP and DNS. It's running W2K3sp2 and IE7 build 5730.13 with no additional security updates. I didn't want to post until I had more evidence of an infection. Please see my other post (http://forums.spybot.info/showthread.php?t=22765) for information on the symptoms.

Hello.

As you have started another topic I will close this one. :)