Solved

can't see networked computers after getting win32/rbot-ir worm

Posted on 2006-06-11
3
185 Views
Last Modified: 2013-12-04
Hi,

recently got infected with win32/rbot-ir worm on 2 servers and couple of pcs and seems that now on infected servers when going to my network can't see any other pcs on network and can't map to the servers from pcs or other servers.  Is this from this particular worm or does this seem like symptom of another type of worm?  Is it affecting tcpip or some network or domain component?  When you browse for the infected servers from other pcs and you hit plus sign on the server name to open up the shares, it doesn't open up anything.  Also ran a cleaner utility from sophos which is enterprise antivirus we use and it came up with no worm but i did it remotely so maybe has to be done locally within network.  Also, our isp alerted us about the worm and shut down internet access by putting filter on our t1 line.  Is this common practice by isps coz once they shut down internet access, how would we update ides for existing pcs and how would we use internet to remedy and troubleshoot the worm?  
0
Comment
Question by:eservando
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 500 total points
ID: 16882923
Download this from another PC which still has Internet access and run it on the one with network problems. See if it helps:

  http://www.spychecker.com/program/winsockxpfix.html

While you're at it, also download and save the following, and use it if the problem persists:

 http://www.cexx.org/lspfix.htm

Re. the ISP blocking your network access, I guess some will and some won't, there isn't a fixed protocol. You will want to temporarily disconnect your still infected PC's (if any) and then request the ISP to turn your access back on.

If you want to be sure that the worm is really gone or disabled, then do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

Good luck.

0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question