Solved

How to find and remove a virus

Posted on 2009-03-31
12
1,691 Views
Last Modified: 2012-05-06
I have a Windows Server 2003 computer that has a really tough virus infection on it.  How can i learn the name of the virus and fix it?
0
Comment
Question by:Gary Gordon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 24035992
to locate the name, a virus detector is needed.
If you don't have a commercial one to use, you can try a trial, or free version.

Trend have a housecall product that should detect and name...
http://housecall.trendmicro.com/au/
0
 
LVL 2

Expert Comment

by:simplyakm
ID: 24035996
I think you should use Microsoft Windows Malicious Software Removal Tool, it is free and the best thing is it is from Microsoft.

it runs one time to check your computer for inflection by specific prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection it finds. Microsoft releases a new version of the tool every month.

it focuses on the detection and removal of malicious software such as viruses, worms, and Trojan horses only. It does not remove spyware. However, you can use Windows Defender to detect and remove spyware.

for more info
Microsoft Windows Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx

Windows defender for spywares
http://www.microsoft.com/protect/computer/spyware/default.mspx
0
 
LVL 14

Accepted Solution

by:
Dhiraj Mutha earned 500 total points
ID: 24035999
Have you tried MalwareBytes? If you haven't then try it.
Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php 

If you can't access the above link then use this link:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button 



If problem persists, use combofix and show us the log.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Best Solution: Format and Reinstall the OS. This is always better to do once your system gets effected with a Torjan/Virus/Spyware.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 4

Author Comment

by:Gary Gordon
ID: 24037822
I have tried the malware bytes software and that did not work.

Last night I ran HiJackThis and I created a log file which I then posted on BleepingComputer.com.  I haven't heard back from anyone yet.

If you like, I can show you the results of that scan.  Is there a way to send a file here on EE or do I just cut and paste the contents of the text file to the post window?
0
 

Expert Comment

by:arvehov
ID: 24039194
If your server is heavily infected, I will recommend you to format the disk(s) and reinstall the OS.
This will save you a lot of trouble, but if you really need the data on the server then you would have to get a proper anti-virus software.
0
 
LVL 14

Expert Comment

by:Dhiraj Mutha
ID: 24041312
Have you run Combofix?
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 24044062
No I haven't.  What is that and where should I get it?
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24044663
you can paste your hijackthis file into http://hijackthis.de for results...

I don't think Combofix works on 2003 server, only XP...

0
 
LVL 14

Expert Comment

by:Dhiraj Mutha
ID: 24046171
See my previous comments.
0
 
LVL 14

Expert Comment

by:Dhiraj Mutha
ID: 24046172
Have you tried MalwareBytes? If you haven't then try it.
Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php 

If you can't access the above link then use this link:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button 



If problem persists, use combofix and show us the log.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Best Solution: Format and Reinstall the OS. This is always better to do once your system gets effected with a Torjan/Virus/Spyware.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 24046870
What leads  you to believe it is a virus. Most viruses are low profile and usually only found out when your antivirus package picks it up.  Maybe a review of the symptoms can lead us to OTHER discrepancies that are really causing your issues.
++++++++++++++++++++++
There are tools to run that helps detect a virus. As already stated, malwarebytes is pretty good. Housecall is another. Here is another called Stinger, from McAfee. It detects many viruses, but not all.

http://vil.nai.com/vil/averttools.aspx

Others are:
Spybot Search and Destroy
Adaware
Kaspersky

++++++++++++++++++++++
To Analize a hijack this log, you can copy and past your log onto this site for analysis. So, there is no need to wait for it being analized:

http://www.hijackthis.de/index.php?langselect=english#anl

+++++

I NEVER recommend going without a commercial brand antivirus package. So, information on your AV package will really help us narrow the possibilities.

0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24046909
Last night I ran HiJackThis and I created a log file which I then posted on BleepingComputer.com.  I haven't heard back from anyone yet.

If you like, I can show you the results of that scan.  Is there a way to send a file here on EE or do I just cut and paste the contents of the text file to the post window?

Yes

Check HDD
Here a link to HDD makers Hard Drive Diagnostics Tools and Utilities
http://www.tacktech.com/display.cfm?ttid=287#samsung
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question