Windows 2003 Server with Fake AV
Posted on 2013-01-12
I got hit with the FakeMS malware on a 2003 server. The one that creates a bunch of exes and hides the folders.
The first "shocker" was MalwareBytes. Maybe it is because I am running it on a server but .... on several of the servers I manage Malwarebytes causes the server to boot but all you get is a blank blue screen and the server locks up. The fix is always to boot in to safe mode and uninstall MalwareBytes.
Anyway... the server is still messed up. Malwarebytes found the hueristics the first time and removed them but all of the folders are still showing up as .exe I think the fake av is gone but the "view" on the folders is still messed up. Does anyone know a malware package I can use to scam a 2003 server that is know to clean up this fake av and return the folders to their normal names (no .exe appended to it)?