Virus killing network.. please help...

Posted on 2007-08-01
Last Modified: 2013-12-05
I need help bigtime. Seems like we got a virus and it spread all over the network. Infected about 7 machines. We actually reformatted one machine to get the virus off and as soon as we connected to our network, it was infected again. I ran multiple scanners on the machine.. norton, sophos... but it doesn't go away and it seems to make my machines lose connectivity. What do i do? Do i have to disconnect everything from the network and re-format everything?!?!?! There has to be something. The virus found is w32/Delbot-AO and Mal/Delque-A. Please help.. thanx all

Question by:engineroom
    LVL 47

    Accepted Solution

    This will get rid of the infection, but you need to isolate each machines till they're all clean to avoid re-infection.
    Download SDFix and save it to your desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    *  Instead of Windows loading as normal, a menu with options should appear;
    *  Select the first option, to run Windows in Safe Mode, then press "Enter".
    *  Choose your usual account.

    *  Open the extracted folder and double click "RunThis.bat" to start the script.
    *  Type "Y" to begin the script.
    *  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    *  Press any Key and it will restart the PC.
    *  Your system will take longer that normal to restart as the fixtool will be running and removing files.
    *  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
    *  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back

    LVL 47

    Expert Comment

    Also run this tool, it removes most common infections and will give you a report which can be analyze for any leftover nasties.

    Download ComboFix to your Desktop, from either of these locations:

    Double click "combofix.exe" and follow the prompts.
    When finished, it shall produce a log for you.
    Post that log and a HiJackthis log in your next reply

    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
    LVL 3

    Author Comment

    Thanx for the information. I will give it a try. Unfortunately the second link doesn't seem to work. Any other links?
    LVL 47

    Expert Comment

    You mean Combofix links don't work?
    that's strange, it works for me, it's a direct download.
    LVL 3

    Author Comment

    Thanx for all your help!
    LVL 47

    Expert Comment

    No problem.

    Thank you!

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now