"has stopped working" virus stops all exe files from running
I am a beginner admin for a Windows 2008 Server, R2. The server has just come down with a virus and I could really use some help.
The virus stops me from running any of the installed programs with the message that the program (that I have clicked on to run) "has stopped working".
The dialog box then gives the standard windows choices of searching online for a solution or closing the program.
All antiviral programs are blocked and the Dr. Web antivirus for servers that I had running appears to have been uninstalled by the virus.
What is the name of the virus. What is the best way to remove it?
Any help appreciated.
The virus stops me from running any of the installed programs with the message that the program (that I have clicked on to run) "has stopped working".
The dialog box then gives the standard windows choices of searching online for a solution or closing the program.
All antiviral programs are blocked and the Dr. Web antivirus for servers that I had running appears to have been uninstalled by the virus.
What is the name of the virus. What is the best way to remove it?
Any help appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will try this in the am. off to sleep for now...
use kaspersky http://free.kaspersky.com/
after removing virus. search for malware using malwarebytes.
https://www.malwarebytes.o
malwarebytes works perfect for this kind of situations.
after removing virus. search for malware using malwarebytes.
https://www.malwarebytes.o
malwarebytes works perfect for this kind of situations.
ASKER
6 am and back at it.
Used Rkill, the one that has a screensaver extension. It ran. It didn't find any viruses, but it did seem to make a change, from what I believe was a process where it stated that it reset the exe and com associations.
After Rkill ran, I was able to run new antivirus programs and am now reinstalling the Dr. Web server anti-viral suite. It is scanning now.
But I clearly still have a problem: all of the programs that I tried to open, and which came up with the "will not open" message, still will not open and have the same message. What has changed is that I can now open a new program without the message coming up.
Should I reinstall all the affected programs that currently won't open?
What goes?
I will run some other anti-viral programs like malware bytes when the current scan is done.
Again, any help is appreciated.
Used Rkill, the one that has a screensaver extension. It ran. It didn't find any viruses, but it did seem to make a change, from what I believe was a process where it stated that it reset the exe and com associations.
After Rkill ran, I was able to run new antivirus programs and am now reinstalling the Dr. Web server anti-viral suite. It is scanning now.
But I clearly still have a problem: all of the programs that I tried to open, and which came up with the "will not open" message, still will not open and have the same message. What has changed is that I can now open a new program without the message coming up.
Should I reinstall all the affected programs that currently won't open?
What goes?
I will run some other anti-viral programs like malware bytes when the current scan is done.
Again, any help is appreciated.
once after completing current scan, reboot that machine and check.
if still getting issue. please use MALWARE-BYTES.
if still getting issue. please use MALWARE-BYTES.
You need to run the applications i have suggested especially rogue killer it will change all the apps so they run properly. Also it is important after running rkill to remove the malware using malwarebytes. Rkill just kills the running apps but does not remove the virsus. rogue killer will help change the default applications so that the file associations are back to normal. For example so that MS word will open up doc, adobe pro or adobe reader to open pdf etc. http://www.bleepingcomputer.com/download/roguekiller/
ASKER
The rkill worked to stop the virus until I could run other software for removal. Malware Bytes also worked to quarantine. Dr. Web worked to quarantine but not remove. Manual removal worked by deleting the file in the folder: supporter. The program file was supportersvc.dll
Then a rootkit removed the rest.
Thanks for all the help.
Ken
Then a rootkit removed the rest.
Thanks for all the help.
Ken
I was happy to offer at least some of the assistance in resolving the issue, I see your hard work did pay off. Good job in sticking it out.
Although I do not know the name of this virus it could go by many names. This will only repair the damage what the virus has done it will not remove the virus you need to run malwarebytes to finish removing the infection, by running malwarebytes you will find the name of this malware/virus.