Solved

How to effectively remove Malware in Win2K

Posted on 2004-08-25
Last Modified: 2010-04-14
Hi, we've been attacked by malware (I think); every time I think I found where it lives, it's back again.
Registry hacks to HKLM\SOFTWARE\MICROSOFT\WINDOWS\Currentversion\Run don't work because
they get reloaded. Some of the files installed by this attack are:

mt.exe (redirects browser to porn site)
winupd.exe
svchosts.exe

These files are randomly seeded throughout the OS.

on the root of c:\ it sometimes adds:
Java.exe
bar.exe
bars.exe

On network servers, administrative shares get removed.

I think these symptoms may also apply to W32.spybot.worm.

PLEASE HELP! :)

thanks,
NT
0
Question by:NTucci
LVL 17

Expert Comment

by:Microtech
ID: 11892828
Hi NTucci,

Experts have put a page together just for this solution at http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

Hope this helps
0
 
LVL 32

Expert Comment

by:LucF
ID: 11892834
Hi NTucci,

You can find a list of tools here:
http://www.experts-exchange.com/Q_20975384.html

I suggest you run at least Ad-aware, fully updated, on the troubled computers.
And run Stinger from http://vil.nai.com/vil/stinger/ to get rid of the spybot worm.

Make sure that you do both in safe mode and without any connection to the network to prevent the system from infecting others.

If that doesn't help, get yourself HijackThis and post the logfile it creates here so we can take a look at it.

Greetings,

LucF
0
 
LVL 32

Expert Comment

by:LucF
ID: 11892840
Nice timing, Microtech :)
0
 
LVL 17

Accepted Solution

by:
Microtech earned 1500 total points
ID: 11892896
thanks... not on the decaff today
0
