Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Problem with Chess.exe and Windows Vista

Posted on 2008-10-07
7
Medium Priority
?
1,448 Views
Last Modified: 2013-11-22
Seem to be having a bit of a strange problem.  We have a network of about 15-20 desktops running a mixture of operating systems from 2000/XP and Vista.

Recently we have installed a Windows Server 2008 file server and moved our data over to this.  

Now on all of our Windows Vista computers show an option for chess everytime we right click on our mapped drive and we can't double click to open the drive.  We can get to the drive if we go through a unc path and we have checked permissions on the new server .  

If we search through the registry on a vista machine it refers to a program called chess.exe in the root of the mapped drive, however we can't find this file on either servers.

This only seems to be causing an issue with our windows vista computers, all of our other computers are working fine.

We can delete any registry keys that relate to chess.exe and the issue looks like it disappears but when you reboot the machine the issue comes back again.  We have ran malwarebytes on the computer but it doesn't detect anything.  We have anti virus running on all computers and both servers.

Any help would be much appreciated.
0
Comment
Question by:asp_indi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 

Expert Comment

by:dbhsupport
ID: 22660196
Sorry not a solution for you.

We have the same problem, chess.exe and autorun.inf showing on the root of shares on a windows 2003 server.

Fully updated Trend running on the Server and nothing reported.

 
0
 
LVL 1

Accepted Solution

by:
interactit earned 2000 total points
ID: 22660202
Hi

We saw a similar, if not identical issue recently, we solved it by locating the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

You should see 2 subkeys which are Autoru & Shell, delete them and restart the PC.

I would guess that the Malware product you have run was only able to part clean the registry of the chess worm (Vista's registry is more secure than XP).

Let me know how you get on?

0
 

Expert Comment

by:dbhsupport
ID: 22660272
Thanks for that had a look but do not see the subkeys :-(


0
Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

 
LVL 1

Expert Comment

by:interactit
ID: 22660296
dbhsupport, are you using Vista (if so what versuion) or XP?
0
 

Author Comment

by:asp_indi
ID: 22660507
Hi interactit

performed your fix and also noticed that the autorun.ini was still in the root of the of the drive and this so far has fixed my problems on the vista computers.  We have rebooted all of them and the issue hasn't come back.

I'll give it until tomorrow to see if the virus is regenerating itself.

0
 

Expert Comment

by:dbhsupport
ID: 22667038
It is on Windows 2003 server. Not done a reboot yet to see if it will come back.
thanks
0
 
LVL 1

Expert Comment

by:akg_exel
ID: 22830906
I have this also on a customer machine.

Noticed it on one laptop which was reinstalled and it came back today - deleted the keys of which one was..

C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chess.exe e

which I assume is the culprit which is creating this file.

Really surprised there are no fixes from AV people.  Is it a virus or malware?
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question