Win32ssr.exe virus

Greetings :
                I  need  an urgent  assistant  to   eliminate    win32ssr.exe   from my network. I    have tried  all means and  it not  working  out . Regards .
                                                                                                                             Ernest
ernarteyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ChatableCommented:
Put this reg file on an accessibel network share (preferably in your netlogon on your DC):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000003

Also put instsrv.exe (which is a part of the Windows Resource Kit, which is freely available for download from Microsoft's website) in the same folder.
For the rest of these instructions we'll suppose you saved the files as: \\server\neetlogon\scripts\regchg1.reg and \\server\netlogon\scripts\instsrv.exe (change them in the following batch file to the real location). If your network has any Windows 2000 computers you will also need shutdown.exe from the reskit. Put it in the same folder.

Now create the following batch file and install it on yur domain as a script:

@echo off
REM W32.SdBot.AOS elimination scriptstartup
if not exist %systemroot%\win32ssr.exe goto end
REM Stop the worm service
net stop Win32Sr
REM Remove the worm service
\\server\netlogon\scripts\instsrv.exe Win32Sr REMOVE
REM Delete the worm
del %systemroot%\win32ssr.exe
REM Undo changes made to the registry
regedit /s \\server\netlogon\scripts\regchg1.reg
REM Restart the computer
\\server\netlogon\scripts\shutdown.exe /r
:end
ChatableCommented:
Now create the following batch file and install it on your domain as a *startup* script
rpggamergirlCommented:
Have you tried this one?
MS malicious software removal tool:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

If we could also look at your Hijackthis log, download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe

Open Hijackthis, click "scan and save a logfile" don't fix anything yet, just upload the logfile created and post the link to the log here.

Or copy and paste the log at;
http://www.hijackthis.de/ 
and click Analyse, Save.  Post a link to the saved list here.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.