?
Solved

Need urgent assistance with Hakertool.hidewindow spyware virus

Posted on 2010-01-13
8
Medium Priority
?
558 Views
Last Modified: 2013-12-09
Hi Guys

I am having this problem with a virus that keep popping up overtime we restart a server...
This "Hakertool.hidewindow virus keeps reappearing after reboot, all our antivirus client are from "Symantec" which does recognize the virus and quarantine\remove it but when we restart the server it pops up again. We have almost 100 servers with that virus in an isolated network environment.
My question is - how do i get rid of this nuisance? I have tried numerous antivirus application and even SpyDoctor and they remove the virus until I restart the server...
How do I clean this network environment?




0
Comment
Question by:marmoor99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 8

Accepted Solution

by:
Jon500 earned 800 total points
ID: 26302227
Please try a PC-Magazine endorsed scanner at www.prevx.com to see if it recognizes this particular threat/infection. There is a free lightweight and trustworthy scanner you can download. Others will undoubtedly chime in with other recommendations--and you may in fact need to try several scanners until one recognizes and can cleanse your system of this particular virus.

Also, www.spybot.com (a totally free scanner and fixer) keeps on top of most Spyware infections, so you may want to try that too.

Regards,
Jon
0
 

Author Comment

by:marmoor99
ID: 26302280
Is there a free spayware application which does not require installation?
I am not allowed to install anything on those infected servers....
0
 
LVL 8

Assisted Solution

by:Jon500
Jon500 earned 800 total points
ID: 26302367
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 

Author Comment

by:marmoor99
ID: 26302375
That is the first thing I tried...did not work.
Symantec did not recognize the virus in SafeMode scan
0
 
LVL 8

Assisted Solution

by:Jon500
Jon500 earned 800 total points
ID: 26302426
OK--it was not clear whether you had done a safe-mode scan.

May I ask how you know you have the "hacktool.hidewindow" infection if your scanner is not identifying it?
0
 

Author Comment

by:marmoor99
ID: 26302451
It does not recognize this virus when scanning in SafeMode...but it does in regular mode
0
 
LVL 8

Assisted Solution

by:Jon500
Jon500 earned 800 total points
ID: 26302517
I'm sorry but you have few good options other than perhaps a manual removal tool. Because the registry is involved in this particular infection, it is unlikely that you will have success running a cleaning tool from another computer--especially considering the security constraints of your network environment.

Here are manual removal instructions that may or may not apply to your particular infection (if you determine that you have such files as winhelper.exe and win32.exe on your system then it's a good chance these instructions will help you). Obviously, it is going to be difficult for you to carry out these instructions on 100 pr so servers.

http://www.exterminate-it.com/malpedia/remove-hidewindow

I wonder if you can try to re-scan with Safe Mode WITH NETWORKING. Perhaps you had chosen only Safe Mode (without networking)?

Regards,
Jon
0
 
LVL 22

Assisted Solution

by:optoma
optoma earned 200 total points
ID: 26304411
Scan with Eset Online Scanner
http://www.eset.com/onlinescan/scanner.php?i_agree=14

Uncheck "remove found threats" for now
Check "scan archives"

Advanced settings:
Have all three boxes checked

Attach its logfile here after:
C:\Program Files\ESET\ESET Online Scanner\log.txt
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question