Solved

How to find and remove a virus

Posted on 2009-03-31
Last Modified: 2012-05-06
I have a Windows Server 2003 computer that has a really tough virus infection on it.  How can I learn the name of the virus and fix it?
0
Question by:Gary Gordon
12 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 24035992
To locate the name, a virus detector is needed.
If you don't have a commercial one to use, you can try a trial, or free version.

Trend have a housecall product that should detect and name...
http://housecall.trendmicro.com/au/
0
 
LVL 2

Expert Comment

by:simplyakm
ID: 24035996
I think you should use the Microsoft Windows Malicious Software Removal Tool; it is free, and the best thing is that it is from Microsoft.

It runs one time to check your computer for infection by specific prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection it finds. Microsoft releases a new version of the tool every month.

It focuses on the detection and removal of malicious software such as viruses, worms, and Trojan horses only. It does not remove spyware. However, you can use Windows Defender to detect and remove spyware.

For more info:
Microsoft Windows Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx

Windows Defender for spyware
http://www.microsoft.com/protect/computer/spyware/default.mspx
0
 
LVL 14

Accepted Solution

by:
Dhiraj Mutha earned 500 total points
ID: 24035999
Have you tried Malwarebytes? If you haven't, then try it.
Download Malwarebytes' Anti-Malware to your desktop, and check for the tool's updates before running a scan.
http://www.malwarebytes.org/mbam.php

If you can't access the above link, then use this link:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

If the problem persists, use ComboFix and show us the log.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Best Solution: Format and reinstall the OS. This is always better to do once your system gets affected with a Trojan/Virus/Spyware.
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 24037822
I have tried the Malwarebytes software and that did not work.

Last night I ran HiJackThis and I created a log file which I then posted on BleepingComputer.com.  I haven't heard back from anyone yet.

If you like, I can show you the results of that scan.  Is there a way to send a file here on EE or do I just cut and paste the contents of the text file to the post window?
0
 

Expert Comment

by:arvehov
ID: 24039194
If your server is heavily infected, I would recommend that you format the disk(s) and reinstall the OS.
This will save you a lot of trouble, but if you really need the data on the server then you would have to get proper anti-virus software.
0
 
LVL 14

Expert Comment

by:Dhiraj Mutha
ID: 24041312
Have you run Combofix?
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 24044062
No I haven't.  What is that and where should I get it?
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24044663
You can paste your HijackThis file into http://hijackthis.de for results...

I don't think Combofix works on 2003 server, only XP...

0
 
LVL 14

Expert Comment

by:Dhiraj Mutha
ID: 24046171
See my previous comments.
0
 
LVL 14

Expert Comment

by:Dhiraj Mutha
ID: 24046172
Have you tried Malwarebytes? If you haven't, then try it.
Download Malwarebytes' Anti-Malware to your desktop, and check for the tool's updates before running a scan.
http://www.malwarebytes.org/mbam.php

If you can't access the above link, then use this link:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

If the problem persists, use ComboFix and show us the log.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Best Solution: Format and reinstall the OS. This is always better to do once your system gets affected with a Trojan/Virus/Spyware.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 24046870
What leads you to believe it is a virus? Most viruses are low profile and usually only found out when your antivirus package picks them up.  Maybe a review of the symptoms can lead us to OTHER discrepancies that are really causing your issues.
++++++++++++++++++++++
There are tools to run that help detect a virus. As already stated, Malwarebytes is pretty good. HouseCall is another. Here is another called Stinger, from McAfee. It detects many viruses, but not all.

http://vil.nai.com/vil/averttools.aspx

Others are:
Spybot Search and Destroy
Adaware
Kaspersky

++++++++++++++++++++++
To analyze a HijackThis log, you can copy and paste your log onto this site for analysis. So, there is no need to wait for it to be analyzed:

http://www.hijackthis.de/index.php?langselect=english#anl

+++++

I NEVER recommend going without a commercial brand antivirus package. So, information on your AV package will really help us narrow the possibilities.

0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24046909
Last night I ran HiJackThis and I created a log file which I then posted on BleepingComputer.com.  I haven't heard back from anyone yet.

If you like, I can show you the results of that scan.  Is there a way to send a file here on EE or do I just cut and paste the contents of the text file to the post window?

Yes

Check HDD
Here is a link to HDD makers' Hard Drive Diagnostics Tools and Utilities:
http://www.tacktech.com/display.cfm?ttid=287#samsung
0


Question has a verified solution.
