cyrillic/russian text in windows explorer on Windows Server 2007 Standard
Posted on 2014-11-14
Recently, it was brought to my attention that a server running Windows 2007 Standard edition randomly displays Russian webpages in the default browser without having launched the browser. It is also defaulting to Cyrillic text when typing in new folder names, or trying to type in the name of an executable in the Run line, or in typing text in Wordpad on the system. I noticed winrar (ru) was also installed as was Firefox (ru), both of which I uninstalled. I also ran TDSkiller and it found nothing. I ran MalwareBytes as well, with only a minor "Pup" object discovered. I also noticed a .txt file (2K in size) with a name in Russian, and the contents are also in Russian (I see some email addresses in it with @mail.ru. It appears to be a windows install log file of some sort.
I checked the Regional and Language settings in Control Panel and they are all set to the correct, US, settings.
I certainly want to find and remove the cause of what clearly appears to be an infection despite the inability of
the tools I have used to locate and remove it. However, I would first like to reset the Windows Explorer setting(s) that are causing anything I type to appear in the Cyrillic font type. So, any assistance on both the search for and removal of the infection, and the correction of the text would be greatly appreciated.