?
Solved

can't see networked computers after getting win32/rbot-ir worm

Posted on 2006-06-11
3
Medium Priority
?
192 Views
Last Modified: 2013-12-04
Hi,

recently got infected with win32/rbot-ir worm on 2 servers and couple of pcs and seems that now on infected servers when going to my network can't see any other pcs on network and can't map to the servers from pcs or other servers.  Is this from this particular worm or does this seem like symptom of another type of worm?  Is it affecting tcpip or some network or domain component?  When you browse for the infected servers from other pcs and you hit plus sign on the server name to open up the shares, it doesn't open up anything.  Also ran a cleaner utility from sophos which is enterprise antivirus we use and it came up with no worm but i did it remotely so maybe has to be done locally within network.  Also, our isp alerted us about the worm and shut down internet access by putting filter on our t1 line.  Is this common practice by isps coz once they shut down internet access, how would we update ides for existing pcs and how would we use internet to remedy and troubleshoot the worm?  
0
Comment
Question by:eservando
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 2000 total points
ID: 16882923
Download this from another PC which still has Internet access and run it on the one with network problems. See if it helps:

  http://www.spychecker.com/program/winsockxpfix.html

While you're at it, also download and save the following, and use it if the problem persists:

 http://www.cexx.org/lspfix.htm

Re. the ISP blocking your network access, I guess some will and some won't, there isn't a fixed protocol. You will want to temporarily disconnect your still infected PC's (if any) and then request the ISP to turn your access back on.

If you want to be sure that the worm is really gone or disabled, then do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

Good luck.

0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses
Course of the Month14 days, 3 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question