Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Virus that changes any exe file to *lib.exe ?

Posted on 2009-04-22
9
Medium Priority
?
796 Views
Last Modified: 2012-05-06
Hello Guys,
I am experiencing a weird problem on my network.
First of all I detected a sexscreensaver.exe virus on the network that was caught b nod32.
then I started to notice that all executables on my workstations have the lib attached to them.
so mspaint.exe was renamed mspaintlib.exe . and made hidden and a new shortcur mspaint.lnk was created pointing to
mspaintlib.exe

please help.
0
Comment
Question by:ammounpierre
  • 5
  • 3
9 Comments
 
LVL 50

Accepted Solution

by:
dbrunton earned 1000 total points
ID: 24211445
Virus again (well still the same virus)

http://www.sophos.com/security/analyses/viruses-and-spyware/w32malasa.html

Run Nod again.  It should get it.
0
 

Author Comment

by:ammounpierre
ID: 24212104
shall I scan all the computers on the network ?
0
 
LVL 50

Expert Comment

by:dbrunton
ID: 24212158
Scan any computer that could have affected this one.  If it could be a network computer then scan it.
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 

Author Comment

by:ammounpierre
ID: 24212169
can I run windows 2003 server in safe mode ?
0
 
LVL 50

Expert Comment

by:dbrunton
ID: 24212548
can I run windows 2003 server in safe mode ?

You'd probably lose all your networking connections possibly if you do that.

If the virus is on the server wait for all users to be finished with the server before you do anything with that.
0
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 1000 total points
ID: 24213355
Seems to be a common infection:
Win32.Malas.b (Kaspersky),
W32/Bindo.worm (McAfee),
W32.Linkfars (Symantec),
Worm/Bindo.A (Avira),
W32/Malas-A (Sophos),
Worm:Win32/Malas.gen (Microsoft)

It is spread via P2P file sharing, so you might want to review whatever user education program you have in place regarding that sort of thing.
Kaspersky has a removal tool:

http://www.kaspersky.nl/en/virus-removal-tools/p2p-worm.win32.malas.b.html

Symantec have manual removal instructions:

http://www.symantec.com/security_response/writeup.jsp?docid=2007-110506-1023-99&tabid=3

If some of your network pcs are running P2P file sharing software and downloadinhg files, this is just the first of many infections.  People should not use work computers to download music and porn. You should get on top of this immediately...

0
 

Author Comment

by:ammounpierre
ID: 24219377
and how do I rename my exe files ?? (from xyzlib.exe to xyz.exe )
thanks
0
 
LVL 50

Expert Comment

by:dbrunton
ID: 24219645
Windows Search

Do a search on *lib.exe

That should return all of the files concerned.  I don't think there will be too many from reading what the virus does.

Note the attached example.  In this one it's searching drives C: and E:  Change that to your own drives configuration.
search.jpg
0
 
LVL 50

Expert Comment

by:dbrunton
ID: 24219657
Once it's found the files you should be able to click on them.  Press F2 to rename.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question