Solved

How to effectively remove Malware in Win2K

Posted on 2004-08-25
4
193 Views
Last Modified: 2010-04-14
Hi, we've been attacked by malware (I think); everytime I think I found where it lives; it's back again.
registry hacks to HKLM\SOFTWARE\MICROSOFT\WINDOWS\Currentversion\Run don't to work because
they get reloaded. Some of the files installed by this attack are:

mt.exe (redirects browser to porn site)
winupd.exe
svchosts.exe

these files are randomly seeded throught the OS

on the root of c:\ it sometimes adds:
Java.exe
bar.exe
bars.exe

on network servers; administrative shares get removed

I think these symptoms may also apply to W32.spybot.worm.

PLEASE HELP! :)

thanks,
NT
0
Comment
Question by:NTucci
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:Microtech
Comment Utility
Hi NTucci,

experts have put a pge together just for this solution at http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

Hope This helps
0
 
LVL 32

Expert Comment

by:Luc Franken
Comment Utility
Hi NTucci,

You can find a list of tools here:
http://www.experts-exchange.com/Q_20975384.html

I suggest you to run at least Ad-aware fully updated on the troubling computers.
And run stinger from http://vil.nai.com/vil/stinger/ to get rid of the spybot worm.

Make sure that you do both in safe mode and without any connection to the network to prevent the system from infecting others.

If that doesn't help, get yourself hijackthis and post the logfile it creates here so we can take a look at it.

Greetings,

LucF
0
 
LVL 32

Expert Comment

by:Luc Franken
Comment Utility
nice timing Microtech :)
0
 
LVL 17

Accepted Solution

by:
Microtech earned 500 total points
Comment Utility
thanks... not on the decaff today
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now