Solved

biggy.exe virus and u.exe virus

Posted on 2007-03-19
Last Modified: 2013-12-09
There is a virus...biggy.exe and/or u.exe...that is shutting down servers. We have patched and cleaned the servers but it keeps coming back. We use Symantec AV throughout. Any thoughts on this today? We have had no luck with virus update and/or definitions...

This is killing our network today...
Question by:Fragmented
5 Comments
 
LVL 43

Expert Comment

by:zephyr_hex (Megan)
ID: 18752109
If it keeps coming back, then either you aren't getting the root of the problem or you are missing an infected computer.

First, are you referring to the corporate Symantec AV? If so, then I would recommend that you give their support line a call.

Second, are you doing your scans in safe mode, and is the AV stating it has cleaned the infection, or are there errors associated with the removal?
 

Author Comment

by:Fragmented
ID: 18752171
It is Symantec and we have been on the phone with them for support...with no luck. The scanning is done in safe mode. We have hit all our servers and it does keep coming back. I didn't know if someone knew how it was getting in and a way to prevent that...

Thanks..
 
LVL 32

Expert Comment

by:willcomp
ID: 18752613
Take a look at this PAQ. May be a bit more difficult on W2K server. Many removal programs do not run on a server OS.

http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Q_22390411.html
 
LVL 43

Expert Comment

by:zephyr_hex (Megan)
ID: 18752615
How is Symantec identifying the virus (what name does it associate with the virus)?
 
LVL 6

Accepted Solution

by: 1r2d2c3po earned 500 total points
ID: 18924273
We just went through that virus here as well. The virus is a variant of rinbot. It does a few things.

1. It attacks a buffer overrun in the SAV client itself (I think just 10.x clients). You need to go to 10.1.5 or later. It communicates on the same port as the SAV clients do. I believe 2867?? Not sure.

If you look at a system's processes (Task Manager), you will see a process running called "dnssvc.exe", sometimes 2 instances. You have to kill these processes first.

The root of C:\ might contain the U.exe file. If so, delete it.

Update to the latest client, and def. files.

Do a full system scan.
0
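The indicators named in the accepted answer (a `dnssvc.exe` process, `U.exe` in the root of C:\, a SAV client older than 10.1.5) can be checked on every server in one read-only sweep, which also covers the earlier point about missing an infected computer. This is an added example, not code from the thread; it assumes PowerShell remoting is enabled on the servers, and the server names and `$SavExePath` are placeholders to replace.

```powershell
# Added example: read-only triage for the indicators named in this thread.
param(
    [string[]]$Servers       = @('SERVER01', 'SERVER02'),   # placeholder host names
    [string]  $SavExePath    = 'C:\PATH\TO\SAV\client.exe', # hypothetical path, set to your SAV client binary
    [string]  $MinSavVersion = '10.1.5'                     # minimum release given in the accepted answer
)

$check = {
    param([string]$SavExePath, [string]$MinSavVersion)

    # Process named in the accepted answer (sometimes two instances).
    $procs = @(Get-Process -Name 'dnssvc' -ErrorAction SilentlyContinue)

    # File names from the thread. The answer places U.exe in the root of C:\;
    # looking for biggy.exe in the same place is an assumption.
    $files = @('C:\u.exe', 'C:\biggy.exe' | Where-Object { Test-Path -LiteralPath $_ })

    # Assumption: the binary's file version tracks the SAV release number.
    $savVersion = $null
    if (Test-Path -LiteralPath $SavExePath) {
        $vi = (Get-Item -LiteralPath $SavExePath).VersionInfo
        $savVersion = New-Object version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart
    }

    [pscustomobject]@{
        DnssvcCount   = $procs.Count
        DroppedFiles  = $files -join ';'
        SavVersion    = "$savVersion"
        # An unknown version is flagged too, so it gets checked by hand.
        SavNeedsPatch = ($null -eq $savVersion) -or ($savVersion -lt [version]$MinSavVersion)
    }
}

$results = @(Invoke-Command -ComputerName $Servers -ScriptBlock $check `
    -ArgumentList $SavExePath, $MinSavVersion -ErrorAction Continue)

$results | Sort-Object PSComputerName |
    Format-Table PSComputerName, DnssvcCount, DroppedFiles, SavVersion, SavNeedsPatch -AutoSize

# A host that returned nothing was not checked; treat it as unverified, not clean.
$unchecked = @($Servers | Where-Object { $results.PSComputerName -notcontains $_ })
if ($unchecked.Count -gt 0) { Write-Warning ("No result from: " + ($unchecked -join ', ')) }
```

The script changes nothing on the hosts; killing the process, deleting the file, updating the client and the full scan remain the steps from the answer above.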


Question has a verified solution.
