LockDown32
asked on
Windows 2003 Server with Fake AV
I got hit with the FakeMS malware on a 2003 server. The one that creates a bunch of exes and hides the folders.
The first "shocker" was MalwareBytes. Maybe it is because I am running it on a server but .... on several of the servers I manage Malwarebytes causes the server to boot but all you get is a blank blue screen and the server locks up. The fix is always to boot in to safe mode and uninstall MalwareBytes.
Anyway... the server is still messed up. Malwarebytes found the hueristics the first time and removed them but all of the folders are still showing up as .exe I think the fake av is gone but the "view" on the folders is still messed up. Does anyone know a malware package I can use to scam a 2003 server that is know to clean up this fake av and return the folders to their normal names (no .exe appended to it)?
The first "shocker" was MalwareBytes. Maybe it is because I am running it on a server but .... on several of the servers I manage Malwarebytes causes the server to boot but all you get is a blank blue screen and the server locks up. The fix is always to boot in to safe mode and uninstall MalwareBytes.
Anyway... the server is still messed up. Malwarebytes found the hueristics the first time and removed them but all of the folders are still showing up as .exe I think the fake av is gone but the "view" on the folders is still messed up. Does anyone know a malware package I can use to scam a 2003 server that is know to clean up this fake av and return the folders to their normal names (no .exe appended to it)?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Any update on your situation?
@LockDown32 - Thank you and I was happy to help you with this.
.... Thinkpads_User
.... Thinkpads_User