jovonn
asked on
Shortcut Virus on File Server
Hi Folks, got an issue with our file server - some office files have been replaced by a shortcut with target pointing to the following
C:\WINDOWS\system32\cmd.ex e /C start cmd.exe /C if exist \thumbs.dbh start \thumbs.dbh && start "" excel.exe "name of file"
Have run Mbytes and windows scan as well as onboard AV scan. Running unhide.exe reveals the files again but virus kicks in a shortwhile later and files are hidden again. If I recover from backup files are ok for a while then problem reoccurs.
Any help appreciated.
Thanks
C:\WINDOWS\system32\cmd.ex
Have run Mbytes and windows scan as well as onboard AV scan. Running unhide.exe reveals the files again but virus kicks in a shortwhile later and files are hidden again. If I recover from backup files are ok for a while then problem reoccurs.
Any help appreciated.
Thanks
Run the antivirus scan in safe mode.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Looks like your on board AV is compromised, I would suggest you install another one even if it's trail mode.
Also check for any unknown start up files and remove them manually using "HijackThis"
http://www.bleepingcomputer.com/download/windows/page/2/
Also check for any unknown start up files and remove them manually using "HijackThis"
http://www.bleepingcomputer.com/download/windows/page/2/
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.