Link to home
Start Free TrialLog in
Avatar of jovonn
jovonnFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Shortcut Virus on File Server

Hi Folks, got an issue with our file server - some office files have been replaced by a shortcut with target pointing to the following

C:\WINDOWS\system32\cmd.exe /C start cmd.exe /C if exist \thumbs.dbh start \thumbs.dbh && start "" excel.exe "name of file"

Have run Mbytes and windows scan as well as onboard AV scan. Running unhide.exe reveals the files again but virus kicks in a shortwhile later and files are hidden again. If I recover from backup files are ok for a while then problem reoccurs.

Any help appreciated.

Thanks
Avatar of Sushil Sonawane
Sushil Sonawane
Flag of India image

Run the antivirus scan in safe mode.
ASKER CERTIFIED SOLUTION
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Looks like your on board AV is compromised, I would suggest you install another one even if it's trail mode.

Also check for any unknown start up files and remove them manually using "HijackThis"

http://www.bleepingcomputer.com/download/windows/page/2/
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial