Solved

can't see networked computers after getting win32/rbot-ir worm

Posted on 2006-06-11
3
181 Views
Last Modified: 2013-12-04
Hi,

recently got infected with win32/rbot-ir worm on 2 servers and couple of pcs and seems that now on infected servers when going to my network can't see any other pcs on network and can't map to the servers from pcs or other servers.  Is this from this particular worm or does this seem like symptom of another type of worm?  Is it affecting tcpip or some network or domain component?  When you browse for the infected servers from other pcs and you hit plus sign on the server name to open up the shares, it doesn't open up anything.  Also ran a cleaner utility from sophos which is enterprise antivirus we use and it came up with no worm but i did it remotely so maybe has to be done locally within network.  Also, our isp alerted us about the worm and shut down internet access by putting filter on our t1 line.  Is this common practice by isps coz once they shut down internet access, how would we update ides for existing pcs and how would we use internet to remedy and troubleshoot the worm?  
0
Comment
Question by:eservando
3 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 500 total points
Comment Utility
Download this from another PC which still has Internet access and run it on the one with network problems. See if it helps:

  http://www.spychecker.com/program/winsockxpfix.html

While you're at it, also download and save the following, and use it if the problem persists:

 http://www.cexx.org/lspfix.htm

Re. the ISP blocking your network access, I guess some will and some won't, there isn't a fixed protocol. You will want to temporarily disconnect your still infected PC's (if any) and then request the ISP to turn your access back on.

If you want to be sure that the worm is really gone or disabled, then do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

Good luck.

0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now