Every 2 minutes a popup occurs on 3 computers in our office stating:
[SID: 24235] System Infected. Trojan SpyEye Activity detected.
When I go to the client management logs - Security Log, it shows that this is happening every 1-2 minutes for the last 3 or so hours.
Event Type: Intrusion Prevention
Direction: Outgoing
Protocol: TCP
Remote Host: this is several different IP addresses
41.222.11.122
218.24.113.3
195.214.238.241
71.32.80.211
Different IP addresses for each time an intrusion occurs.
When I click any one of these logs below it shows
[SID: 24235] System Infected. Trojan SpyEye Activity detected.
Traffic has been blocked from this application: C:\Windows\explorer.exe
What do I do about this, it keeps happening over and over, I have ran an active and full scan and nothing is found??