Gary Gordon
asked on
How to find and remove a virus
I have a Windows Server 2003 computer that has a really tough virus infection on it. How can i learn the name of the virus and fix it?
I think you should use Microsoft Windows Malicious Software Removal Tool, it is free and the best thing is it is from Microsoft.
it runs one time to check your computer for inflection by specific prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection it finds. Microsoft releases a new version of the tool every month.
it focuses on the detection and removal of malicious software such as viruses, worms, and Trojan horses only. It does not remove spyware. However, you can use Windows Defender to detect and remove spyware.
for more info
Microsoft Windows Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx
Windows defender for spywares
http://www.microsoft.com/protect/computer/spyware/default.mspx
it runs one time to check your computer for inflection by specific prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection it finds. Microsoft releases a new version of the tool every month.
it focuses on the detection and removal of malicious software such as viruses, worms, and Trojan horses only. It does not remove spyware. However, you can use Windows Defender to detect and remove spyware.
for more info
Microsoft Windows Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx
Windows defender for spywares
http://www.microsoft.com/protect/computer/spyware/default.mspx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have tried the malware bytes software and that did not work.
Last night I ran HiJackThis and I created a log file which I then posted on BleepingComputer.com. I haven't heard back from anyone yet.
If you like, I can show you the results of that scan. Is there a way to send a file here on EE or do I just cut and paste the contents of the text file to the post window?
Last night I ran HiJackThis and I created a log file which I then posted on BleepingComputer.com. I haven't heard back from anyone yet.
If you like, I can show you the results of that scan. Is there a way to send a file here on EE or do I just cut and paste the contents of the text file to the post window?
If your server is heavily infected, I will recommend you to format the disk(s) and reinstall the OS.
This will save you a lot of trouble, but if you really need the data on the server then you would have to get a proper anti-virus software.
This will save you a lot of trouble, but if you really need the data on the server then you would have to get a proper anti-virus software.
Have you run Combofix?
ASKER
No I haven't. What is that and where should I get it?
you can paste your hijackthis file into http://hijackthis.de for results...
I don't think Combofix works on 2003 server, only XP...
I don't think Combofix works on 2003 server, only XP...
See my previous comments.
Have you tried MalwareBytes? If you haven't then try it.
Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php
If you can't access the above link then use this link:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
If problem persists, use combofix and show us the log.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Best Solution: Format and Reinstall the OS. This is always better to do once your system gets effected with a Torjan/Virus/Spyware.
Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php
If you can't access the above link then use this link:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
If problem persists, use combofix and show us the log.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Best Solution: Format and Reinstall the OS. This is always better to do once your system gets effected with a Torjan/Virus/Spyware.
What leads you to believe it is a virus. Most viruses are low profile and usually only found out when your antivirus package picks it up. Maybe a review of the symptoms can lead us to OTHER discrepancies that are really causing your issues.
++++++++++++++++++++++
There are tools to run that helps detect a virus. As already stated, malwarebytes is pretty good. Housecall is another. Here is another called Stinger, from McAfee. It detects many viruses, but not all.
http://vil.nai.com/vil/averttools.aspx
Others are:
Spybot Search and Destroy
Adaware
Kaspersky
++++++++++++++++++++++
To Analize a hijack this log, you can copy and past your log onto this site for analysis. So, there is no need to wait for it being analized:
http://www.hijackthis.de/index.php?langselect=english#anl
+++++
I NEVER recommend going without a commercial brand antivirus package. So, information on your AV package will really help us narrow the possibilities.
++++++++++++++++++++++
There are tools to run that helps detect a virus. As already stated, malwarebytes is pretty good. Housecall is another. Here is another called Stinger, from McAfee. It detects many viruses, but not all.
http://vil.nai.com/vil/averttools.aspx
Others are:
Spybot Search and Destroy
Adaware
Kaspersky
++++++++++++++++++++++
To Analize a hijack this log, you can copy and past your log onto this site for analysis. So, there is no need to wait for it being analized:
http://www.hijackthis.de/index.php?langselect=english#anl
+++++
I NEVER recommend going without a commercial brand antivirus package. So, information on your AV package will really help us narrow the possibilities.
Last night I ran HiJackThis and I created a log file which I then posted on BleepingComputer.com. I haven't heard back from anyone yet.
If you like, I can show you the results of that scan. Is there a way to send a file here on EE or do I just cut and paste the contents of the text file to the post window?
Yes
Check HDD
Here a link to HDD makers Hard Drive Diagnostics Tools and Utilities
http://www.tacktech.com/display.cfm?ttid=287#samsung
If you like, I can show you the results of that scan. Is there a way to send a file here on EE or do I just cut and paste the contents of the text file to the post window?
Yes
Check HDD
Here a link to HDD makers Hard Drive Diagnostics Tools and Utilities
http://www.tacktech.com/display.cfm?ttid=287#samsung
If you don't have a commercial one to use, you can try a trial, or free version.
Trend have a housecall product that should detect and name...
http://housecall.trendmicro.com/au/