ammounpierre
asked on
Virus that changes any exe file to *lib.exe ?
Hello Guys,
I am experiencing a weird problem on my network.
First of all I detected a sexscreensaver.exe virus on the network that was caught b nod32.
then I started to notice that all executables on my workstations have the lib attached to them.
so mspaint.exe was renamed mspaintlib.exe . and made hidden and a new shortcur mspaint.lnk was created pointing to
mspaintlib.exe
please help.
I am experiencing a weird problem on my network.
First of all I detected a sexscreensaver.exe virus on the network that was caught b nod32.
then I started to notice that all executables on my workstations have the lib attached to them.
so mspaint.exe was renamed mspaintlib.exe . and made hidden and a new shortcur mspaint.lnk was created pointing to
mspaintlib.exe
please help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Scan any computer that could have affected this one. If it could be a network computer then scan it.
ASKER
can I run windows 2003 server in safe mode ?
can I run windows 2003 server in safe mode ?
You'd probably lose all your networking connections possibly if you do that.
If the virus is on the server wait for all users to be finished with the server before you do anything with that.
You'd probably lose all your networking connections possibly if you do that.
If the virus is on the server wait for all users to be finished with the server before you do anything with that.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
and how do I rename my exe files ?? (from xyzlib.exe to xyz.exe )
thanks
thanks
Windows Search
Do a search on *lib.exe
That should return all of the files concerned. I don't think there will be too many from reading what the virus does.
Note the attached example. In this one it's searching drives C: and E: Change that to your own drives configuration.
search.jpg
Do a search on *lib.exe
That should return all of the files concerned. I don't think there will be too many from reading what the virus does.
Note the attached example. In this one it's searching drives C: and E: Change that to your own drives configuration.
search.jpg
Once it's found the files you should be able to click on them. Press F2 to rename.
ASKER