Solved

biggy.exe virus and u.exe virus

Posted on 2007-03-19
Last Modified: 2013-12-09
There is a virus...biggy.exe and/or u.exe...that is shutting down servers. We have patched and cleaned the servers but it keeps coming back. We use Symantec AV throughout. Any thoughts on this today? We have had no luck with virus update and/or definitions...

This is killing our network today...
Question by:Fragmented
5 Comments
 
LVL 43

Expert Comment

by:zephyr_hex (Megan)
ID: 18752109
if it keeps coming back, then either you aren't getting the root of the problem or you are missing an infected computer.

first, are you referring to the corporate symantec AV?  if so, then i would recommend that you give their support line a call.

second, are you doing your scans in safe mode and is the AV stating it has cleaned the infection, or are there errors associated with the removal?
 

Author Comment

by:Fragmented
ID: 18752171
It is Symantec and we have been on the phone with them for support...with no luck.  The scanning is done in safe mode.  We have hit all our servers and it does keep coming back.  I didn't know if someone knew how it was getting in and a way to prevent that...

Thanks..
 
LVL 32

Expert Comment

by:willcomp
ID: 18752613
Take a look at this PAQ.  May be a bit more difficult on W2K server.  Many removal programs do not run on a server OS.

http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Q_22390411.html
 
LVL 43

Expert Comment

by:zephyr_hex (Megan)
ID: 18752615
how is symantec identifying the virus (what name does it associate with the virus) ?
 
LVL 6

Accepted Solution

by:
1r2d2c3po earned 500 total points
ID: 18924273
We just went through that virus here as well. The virus is a variant of Rinbot. It does a few things.

1. It attacks a buffer overrun in the SAV client itself (I think just 10.x clients). You need to go to 10.1.5 or later. It communicates on the same port as the SAV clients do. I believe 2867?? Not sure.

If you look at a system's processes (Task Manager), you will see a process running called "dnssvc.exe", sometimes 2 instances. You have to kill these processes first.

The root of C:\ might contain the U.exe file. If so, delete it.

Update to the latest client, and def. files.

Do a full system scan.
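A read-only sweep for the indicators named in this thread, so that no infected machine is missed between cleanups. This is an added example, not part of the original answer: the `$Servers` list is a constructed placeholder, and it assumes the hosts accept remote CIM (WinRM) queries from an admin workstation.

```powershell
# Added example: report which servers show the indicators named in the thread.
# It only reads state; it does not kill processes or delete files.

# Constructed placeholder inventory; replace with your own server list.
$Servers = @('SERVER01', 'SERVER02')

# Process names taken from the question and the accepted answer.
$ProcNames = @('dnssvc.exe', 'u.exe', 'biggy.exe')
# File location taken from the accepted answer (root of C:\).
$FilePaths = @('C:\u.exe')

# Build one WQL filter: Name='dnssvc.exe' OR Name='u.exe' OR ...
$procFilter = ($ProcNames | ForEach-Object { "Name='$_'" }) -join ' OR '

$results = foreach ($server in $Servers) {
    try {
        $procs = Get-CimInstance -ComputerName $server -ClassName Win32_Process `
                     -Filter $procFilter -ErrorAction Stop
        $files = foreach ($path in $FilePaths) {
            # WQL needs backslashes doubled inside string literals.
            $wqlPath = $path.Replace('\', '\\')
            Get-CimInstance -ComputerName $server -ClassName CIM_DataFile `
                -Filter "Name='$wqlPath'" -ErrorAction Stop
        }
        [pscustomobject]@{
            Server    = $server
            Checked   = $true
            Suspect   = [bool]($procs -or $files)
            Processes = ($procs | ForEach-Object {
                            "$($_.Name) pid=$($_.ProcessId) path=$($_.ExecutablePath)" }) -join '; '
            Files     = ($files | ForEach-Object {
                            "$($_.Name) modified=$($_.LastModified)" }) -join '; '
            Error     = ''
        }
    } catch {
        # A host that cannot be queried is unverified, not clean.
        [pscustomobject]@{
            Server = $server; Checked = $false; Suspect = $null
            Processes = ''; Files = ''; Error = $_.Exception.Message
        }
    }
}

# Suspect hosts first, then unverified hosts, then hosts with no hits.
$results | Sort-Object Checked, @{ Expression = 'Suspect'; Descending = $true } |
    Format-Table -AutoSize -Wrap
```

Rows with `Checked = False` still need a manual look, since the sweep could not see them.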