Solved

"has stopped working" virus stops all exe files from running

Posted on 2014-03-20
9
1,739 Views
Last Modified: 2014-03-21
I am a beginner admin for a Windows 2008 Server, R2.  The server has just come down with a virus and I could really use some help.

The virus stops me from running any of the installed programs with the message that the program (that I have clicked on to run) "has stopped working".

The dialog box then gives the standard windows choices of searching online for a solution or closing the program.  

All antiviral programs are blocked and the Dr. Web antivirus for servers that I had running appears to have been uninstalled by the virus.

What is the name of the virus.  What is the best way to remove it?

Any help appreciated.
0
Comment
Question by:ken_b
  • 4
  • 3
  • 2
9 Comments
 
LVL 18

Accepted Solution

by:
web_tracker earned 500 total points
ID: 39944440
Download rkill from Bleeping computer, you can download different flavores of this application some are not exe files so you can fool the virus in thinking this is not an exe file. Once rkill is successfully run you can run malwarebytes and rogue killer to kill this virus. http://www.bleepingcomputer.com/download/rkill/   Try the rkill.com or the rkill.scr versions of the application as these are not exe files, at least it fools the virus that they are not executable files.
0
 
LVL 18

Expert Comment

by:web_tracker
ID: 39944447
you can also use the fix exe program to repair the damage that prevents you from running excutables. http://www.bleepingcomputer.com/download/fixexec/  This will fix your exe problems. Note there are many flavors of this application as well. Note there are 32 bit and 64 bit versions of the application you need to download the appropriate version that matches your version of the operating system. I keep these tools in my arsenal.

Although I do not know the name of this virus it could go by many names. This will only repair the damage what the virus has done it will not remove the virus you need to run malwarebytes to finish removing the infection, by running malwarebytes you will find the name of this malware/virus.
0
 

Author Comment

by:ken_b
ID: 39944454
I will try this in the am.  off to sleep for now...
0
 
LVL 2

Expert Comment

by:IMGIDC
ID: 39944666
use kaspersky http://free.kaspersky.com/

after removing virus. search for malware using malwarebytes.
https://www.malwarebytes.org/

malwarebytes works perfect for this kind of situations.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:ken_b
ID: 39945174
6 am and back at it.  

Used Rkill, the one that has a screensaver extension.  It ran.  It didn't find any viruses, but it did seem to make a change, from what I believe was a process where it stated that it reset the exe and com associations.  

After Rkill ran, I was able to run new antivirus programs and am now reinstalling the Dr. Web server anti-viral suite.  It is scanning now.

But I clearly still have a problem: all of the programs that I tried to open, and which came up with the "will not open" message, still will not open and have the same message.  What has changed is that I can now open a new program without the message coming up.

Should I reinstall all the affected programs that currently won't open?

What goes?

I will run some other anti-viral programs like malware bytes when the current scan is done.

Again, any help is appreciated.
0
 
LVL 2

Expert Comment

by:IMGIDC
ID: 39945186
once after completing current scan, reboot that machine and check.
if still getting issue. please use MALWARE-BYTES.
0
 
LVL 18

Expert Comment

by:web_tracker
ID: 39945191
You need to run the applications i have suggested especially rogue killer it will change all the apps so they run properly.  Also it is important after running rkill to remove the malware using malwarebytes. Rkill just kills the running apps but does not remove the virsus. rogue killer will help change the default applications so that the file associations are back to normal. For example so that MS word will open up doc, adobe pro or adobe reader to open pdf etc.  http://www.bleepingcomputer.com/download/roguekiller/
0
 

Author Closing Comment

by:ken_b
ID: 39946727
The rkill worked to stop the virus until I could run other software for removal.  Malware Bytes also worked to quarantine.  Dr. Web worked to quarantine but not remove.  Manual removal worked by deleting the file in the folder: supporter.  The program file was supportersvc.dll
Then a rootkit removed the rest.

Thanks for all the help.

Ken
0
 
LVL 18

Expert Comment

by:web_tracker
ID: 39946731
I was happy to offer at least some of the assistance in resolving the issue, I see your hard work did pay off. Good job in sticking it out.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The month of August was another action packed month for hackers and a security nightmare for many retailers and restaurant establishments. Some of the more notable data breach victims this past month included supermarket giants SUPERVALU and Alberts…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now