Solved

biggy.exe virus and u.exe virus

Posted on 2007-03-19
5
496 Views
Last Modified: 2013-12-09
There is a virus...biggy.exe and/or u.exe...that is shutting down servers. We have patched and cleaned the servers but it keeps coming back.  We use Symantec AV throughout.  Any thoughts on this today????  We have had no luck with virus update and/or definitions...

This is killing our network today...
0
Comment
Question by:Fragmented
5 Comments
 
LVL 42

Expert Comment

by:zephyr_hex (Megan)
ID: 18752109
if it keeps coming back, then either you aren't getting the root of the problem or you are missing an infected computer.

first, are you referring to the corporate symantec AV?  if so, then i would recommend that you give their support line a call.

second, are you doing your scans in safe mode and is the AV stating it has cleaned the infection, or are there errors associated with the removal?
0
 

Author Comment

by:Fragmented
ID: 18752171
It is Symantec and we have been on the phone with them for support...with no luck.  The scanning is done in safe mode.  We have hit all our servers and it does keep coming back.  I didn't know if someone knew how it was getting in and a way to prevent that...

Thanks..
0
 
LVL 32

Expert Comment

by:willcomp
ID: 18752613
Take a look at this PAQ.  May be a bit more difficult on W2K server.  Many removal programs do not run on a server OS.

http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Q_22390411.html
0
 
LVL 42

Expert Comment

by:zephyr_hex (Megan)
ID: 18752615
how is symantec identifying the virus (what name does it associate with the virus) ?
0
 
LVL 6

Accepted Solution

by:
1r2d2c3po earned 500 total points
ID: 18924273
We just went throught that virus here as well. The virus is varient of rinbot. It will does a few things.

1. It attacks a buffer overrun in the SAV client itself (I think just 10.x clients). You need to go to 10.1.5 or later. It communicates on the same port as the SAV clients do. I believe 2867?? Not sure.

If you look at a systems processes(task manager), you will see a process running called "dnssvc.exe" sometimes 2 instances. You have to kill these processes first.

The root of C:\ might contain the U.exe file. If so, delete it.

Update to the latest client, and def. files.

Do a full system scan.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question