Solved

How to find and remove a virus

Posted on 2009-03-31
12
1,687 Views
Last Modified: 2012-05-06
I have a Windows Server 2003 computer that has a really tough virus infection on it.  How can i learn the name of the virus and fix it?
0
Comment
Question by:Gary Gordon
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 23

Expert Comment

by:debuggerau
Comment Utility
to locate the name, a virus detector is needed.
If you don't have a commercial one to use, you can try a trial, or free version.

Trend have a housecall product that should detect and name...
http://housecall.trendmicro.com/au/
0
 
LVL 2

Expert Comment

by:simplyakm
Comment Utility
I think you should use Microsoft Windows Malicious Software Removal Tool, it is free and the best thing is it is from Microsoft.

it runs one time to check your computer for inflection by specific prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection it finds. Microsoft releases a new version of the tool every month.

it focuses on the detection and removal of malicious software such as viruses, worms, and Trojan horses only. It does not remove spyware. However, you can use Windows Defender to detect and remove spyware.

for more info
Microsoft Windows Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx

Windows defender for spywares
http://www.microsoft.com/protect/computer/spyware/default.mspx
0
 
LVL 14

Accepted Solution

by:
Dhiraj Mutha earned 500 total points
Comment Utility
Have you tried MalwareBytes? If you haven't then try it.
Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php

If you can't access the above link then use this link:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button



If problem persists, use combofix and show us the log.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Best Solution: Format and Reinstall the OS. This is always better to do once your system gets effected with a Torjan/Virus/Spyware.
0
 
LVL 4

Author Comment

by:Gary Gordon
Comment Utility
I have tried the malware bytes software and that did not work.

Last night I ran HiJackThis and I created a log file which I then posted on BleepingComputer.com.  I haven't heard back from anyone yet.

If you like, I can show you the results of that scan.  Is there a way to send a file here on EE or do I just cut and paste the contents of the text file to the post window?
0
 

Expert Comment

by:arvehov
Comment Utility
If your server is heavily infected, I will recommend you to format the disk(s) and reinstall the OS.
This will save you a lot of trouble, but if you really need the data on the server then you would have to get a proper anti-virus software.
0
 
LVL 14

Expert Comment

by:Dhiraj Mutha
Comment Utility
Have you run Combofix?
0
Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 
LVL 4

Author Comment

by:Gary Gordon
Comment Utility
No I haven't.  What is that and where should I get it?
0
 
LVL 23

Expert Comment

by:debuggerau
Comment Utility
you can paste your hijackthis file into http://hijackthis.de for results...

I don't think Combofix works on 2003 server, only XP...

0
 
LVL 14

Expert Comment

by:Dhiraj Mutha
Comment Utility
See my previous comments.
0
 
LVL 14

Expert Comment

by:Dhiraj Mutha
Comment Utility
Have you tried MalwareBytes? If you haven't then try it.
Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php

If you can't access the above link then use this link:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button



If problem persists, use combofix and show us the log.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Best Solution: Format and Reinstall the OS. This is always better to do once your system gets effected with a Torjan/Virus/Spyware.
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
What leads  you to believe it is a virus. Most viruses are low profile and usually only found out when your antivirus package picks it up.  Maybe a review of the symptoms can lead us to OTHER discrepancies that are really causing your issues.
++++++++++++++++++++++
There are tools to run that helps detect a virus. As already stated, malwarebytes is pretty good. Housecall is another. Here is another called Stinger, from McAfee. It detects many viruses, but not all.

http://vil.nai.com/vil/averttools.aspx

Others are:
Spybot Search and Destroy
Adaware
Kaspersky

++++++++++++++++++++++
To Analize a hijack this log, you can copy and past your log onto this site for analysis. So, there is no need to wait for it being analized:

http://www.hijackthis.de/index.php?langselect=english#anl

+++++

I NEVER recommend going without a commercial brand antivirus package. So, information on your AV package will really help us narrow the possibilities.

0
 
LVL 34

Expert Comment

by:Michael-Best
Comment Utility
Last night I ran HiJackThis and I created a log file which I then posted on BleepingComputer.com.  I haven't heard back from anyone yet.

If you like, I can show you the results of that scan.  Is there a way to send a file here on EE or do I just cut and paste the contents of the text file to the post window?

Yes

Check HDD
Here a link to HDD makers Hard Drive Diagnostics Tools and Utilities
http://www.tacktech.com/display.cfm?ttid=287#samsung
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now