Solved

can't see networked computers after getting win32/rbot-ir worm

Posted on 2006-06-11
3
184 Views
Last Modified: 2013-12-04
Hi,

recently got infected with win32/rbot-ir worm on 2 servers and couple of pcs and seems that now on infected servers when going to my network can't see any other pcs on network and can't map to the servers from pcs or other servers.  Is this from this particular worm or does this seem like symptom of another type of worm?  Is it affecting tcpip or some network or domain component?  When you browse for the infected servers from other pcs and you hit plus sign on the server name to open up the shares, it doesn't open up anything.  Also ran a cleaner utility from sophos which is enterprise antivirus we use and it came up with no worm but i did it remotely so maybe has to be done locally within network.  Also, our isp alerted us about the worm and shut down internet access by putting filter on our t1 line.  Is this common practice by isps coz once they shut down internet access, how would we update ides for existing pcs and how would we use internet to remedy and troubleshoot the worm?  
0
Comment
Question by:eservando
3 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 500 total points
ID: 16882923
Download this from another PC which still has Internet access and run it on the one with network problems. See if it helps:

  http://www.spychecker.com/program/winsockxpfix.html

While you're at it, also download and save the following, and use it if the problem persists:

 http://www.cexx.org/lspfix.htm

Re. the ISP blocking your network access, I guess some will and some won't, there isn't a fixed protocol. You will want to temporarily disconnect your still infected PC's (if any) and then request the ISP to turn your access back on.

If you want to be sure that the worm is really gone or disabled, then do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

Good luck.

0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
suspending the anti virus 6 139
Windows native way of permitting users to run certain programs & services only 2 77
deny local logon 12 105
is this a virus? 3 57
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
OfficeMate Freezes on login or does not load after login credentials are input.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question