"has stopped working" virus stops all exe files from running

I am a beginner admin for a Windows 2008 Server, R2.  The server has just come down with a virus and I could really use some help.

The virus stops me from running any of the installed programs with the message that the program (that I have clicked on to run) "has stopped working".

The dialog box then gives the standard windows choices of searching online for a solution or closing the program.  

All antiviral programs are blocked and the Dr. Web antivirus for servers that I had running appears to have been uninstalled by the virus.

What is the name of the virus.  What is the best way to remove it?

Any help appreciated.
Who is Participating?
web_trackerConnect With a Mentor Commented:
Download rkill from Bleeping computer, you can download different flavores of this application some are not exe files so you can fool the virus in thinking this is not an exe file. Once rkill is successfully run you can run malwarebytes and rogue killer to kill this virus. http://www.bleepingcomputer.com/download/rkill/   Try the rkill.com or the rkill.scr versions of the application as these are not exe files, at least it fools the virus that they are not executable files.
you can also use the fix exe program to repair the damage that prevents you from running excutables. http://www.bleepingcomputer.com/download/fixexec/  This will fix your exe problems. Note there are many flavors of this application as well. Note there are 32 bit and 64 bit versions of the application you need to download the appropriate version that matches your version of the operating system. I keep these tools in my arsenal.

Although I do not know the name of this virus it could go by many names. This will only repair the damage what the virus has done it will not remove the virus you need to run malwarebytes to finish removing the infection, by running malwarebytes you will find the name of this malware/virus.
ken_bAuthor Commented:
I will try this in the am.  off to sleep for now...
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

use kaspersky http://free.kaspersky.com/

after removing virus. search for malware using malwarebytes.

malwarebytes works perfect for this kind of situations.
ken_bAuthor Commented:
6 am and back at it.  

Used Rkill, the one that has a screensaver extension.  It ran.  It didn't find any viruses, but it did seem to make a change, from what I believe was a process where it stated that it reset the exe and com associations.  

After Rkill ran, I was able to run new antivirus programs and am now reinstalling the Dr. Web server anti-viral suite.  It is scanning now.

But I clearly still have a problem: all of the programs that I tried to open, and which came up with the "will not open" message, still will not open and have the same message.  What has changed is that I can now open a new program without the message coming up.

Should I reinstall all the affected programs that currently won't open?

What goes?

I will run some other anti-viral programs like malware bytes when the current scan is done.

Again, any help is appreciated.
once after completing current scan, reboot that machine and check.
if still getting issue. please use MALWARE-BYTES.
You need to run the applications i have suggested especially rogue killer it will change all the apps so they run properly.  Also it is important after running rkill to remove the malware using malwarebytes. Rkill just kills the running apps but does not remove the virsus. rogue killer will help change the default applications so that the file associations are back to normal. For example so that MS word will open up doc, adobe pro or adobe reader to open pdf etc.  http://www.bleepingcomputer.com/download/roguekiller/
ken_bAuthor Commented:
The rkill worked to stop the virus until I could run other software for removal.  Malware Bytes also worked to quarantine.  Dr. Web worked to quarantine but not remove.  Manual removal worked by deleting the file in the folder: supporter.  The program file was supportersvc.dll
Then a rootkit removed the rest.

Thanks for all the help.

I was happy to offer at least some of the assistance in resolving the issue, I see your hard work did pay off. Good job in sticking it out.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.