• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 509
  • Last Modified:

biggy.exe virus and u.exe virus

There is a virus...biggy.exe and/or u.exe...that is shutting down servers. We have patched and cleaned the servers but it keeps coming back.  We use Symantec AV throughout.  Any thoughts on this today????  We have had no luck with virus update and/or definitions...

This is killing our network today...
0
Fragmented
Asked:
Fragmented
1 Solution
 
zephyr_hex (Megan)DeveloperCommented:
if it keeps coming back, then either you aren't getting the root of the problem or you are missing an infected computer.

first, are you referring to the corporate symantec AV?  if so, then i would recommend that you give their support line a call.

second, are you doing your scans in safe mode and is the AV stating it has cleaned the infection, or are there errors associated with the removal?
0
 
FragmentedAuthor Commented:
It is Symantec and we have been on the phone with them for support...with no luck.  The scanning is done in safe mode.  We have hit all our servers and it does keep coming back.  I didn't know if someone knew how it was getting in and a way to prevent that...

Thanks..
0
 
willcompCommented:
Take a look at this PAQ.  May be a bit more difficult on W2K server.  Many removal programs do not run on a server OS.

http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Q_22390411.html
0
 
zephyr_hex (Megan)DeveloperCommented:
how is symantec identifying the virus (what name does it associate with the virus) ?
0
 
1r2d2c3poCommented:
We just went throught that virus here as well. The virus is varient of rinbot. It will does a few things.

1. It attacks a buffer overrun in the SAV client itself (I think just 10.x clients). You need to go to 10.1.5 or later. It communicates on the same port as the SAV clients do. I believe 2867?? Not sure.

If you look at a systems processes(task manager), you will see a process running called "dnssvc.exe" sometimes 2 instances. You have to kill these processes first.

The root of C:\ might contain the U.exe file. If so, delete it.

Update to the latest client, and def. files.

Do a full system scan.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now