"has stopped working" virus stops all exe files from running

Posted on 2014-03-20
Medium Priority
Last Modified: 2014-03-21
I am a beginner admin for a Windows 2008 Server, R2.  The server has just come down with a virus and I could really use some help.

The virus stops me from running any of the installed programs with the message that the program (that I have clicked on to run) "has stopped working".

The dialog box then gives the standard windows choices of searching online for a solution or closing the program.  

All antiviral programs are blocked and the Dr. Web antivirus for servers that I had running appears to have been uninstalled by the virus.

What is the name of the virus.  What is the best way to remove it?

Any help appreciated.
Question by:ken_b
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
LVL 18

Accepted Solution

web_tracker earned 1500 total points
ID: 39944440
Download rkill from Bleeping computer, you can download different flavores of this application some are not exe files so you can fool the virus in thinking this is not an exe file. Once rkill is successfully run you can run malwarebytes and rogue killer to kill this virus. http://www.bleepingcomputer.com/download/rkill/   Try the rkill.com or the rkill.scr versions of the application as these are not exe files, at least it fools the virus that they are not executable files.
LVL 18

Expert Comment

ID: 39944447
you can also use the fix exe program to repair the damage that prevents you from running excutables. http://www.bleepingcomputer.com/download/fixexec/  This will fix your exe problems. Note there are many flavors of this application as well. Note there are 32 bit and 64 bit versions of the application you need to download the appropriate version that matches your version of the operating system. I keep these tools in my arsenal.

Although I do not know the name of this virus it could go by many names. This will only repair the damage what the virus has done it will not remove the virus you need to run malwarebytes to finish removing the infection, by running malwarebytes you will find the name of this malware/virus.

Author Comment

ID: 39944454
I will try this in the am.  off to sleep for now...
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Expert Comment

ID: 39944666
use kaspersky http://free.kaspersky.com/

after removing virus. search for malware using malwarebytes.

malwarebytes works perfect for this kind of situations.

Author Comment

ID: 39945174
6 am and back at it.  

Used Rkill, the one that has a screensaver extension.  It ran.  It didn't find any viruses, but it did seem to make a change, from what I believe was a process where it stated that it reset the exe and com associations.  

After Rkill ran, I was able to run new antivirus programs and am now reinstalling the Dr. Web server anti-viral suite.  It is scanning now.

But I clearly still have a problem: all of the programs that I tried to open, and which came up with the "will not open" message, still will not open and have the same message.  What has changed is that I can now open a new program without the message coming up.

Should I reinstall all the affected programs that currently won't open?

What goes?

I will run some other anti-viral programs like malware bytes when the current scan is done.

Again, any help is appreciated.

Expert Comment

ID: 39945186
once after completing current scan, reboot that machine and check.
if still getting issue. please use MALWARE-BYTES.
LVL 18

Expert Comment

ID: 39945191
You need to run the applications i have suggested especially rogue killer it will change all the apps so they run properly.  Also it is important after running rkill to remove the malware using malwarebytes. Rkill just kills the running apps but does not remove the virsus. rogue killer will help change the default applications so that the file associations are back to normal. For example so that MS word will open up doc, adobe pro or adobe reader to open pdf etc.  http://www.bleepingcomputer.com/download/roguekiller/

Author Closing Comment

ID: 39946727
The rkill worked to stop the virus until I could run other software for removal.  Malware Bytes also worked to quarantine.  Dr. Web worked to quarantine but not remove.  Manual removal worked by deleting the file in the folder: supporter.  The program file was supportersvc.dll
Then a rootkit removed the rest.

Thanks for all the help.

LVL 18

Expert Comment

ID: 39946731
I was happy to offer at least some of the assistance in resolving the issue, I see your hard work did pay off. Good job in sticking it out.

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question