Virus attack

Anyone come across .scr screensaver malware/trojanq this virus?

How can i clean it..
CLAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
.scr is a renamed .exe that is normally used by screen savers
boot the machine from a install disk and go to repair/command prompt
and then search and delete the file.
Shaun VermaakTechnical SpecialistCommented:
Anyone come across .scr screensaver malware/trojanq this virus?
Impossible to tell by extension

Generally, an SCR is an application written with the appropriate methods to make it a screensaver. As per above some EXE can be renamed to SCR and will be triggered when the screensaver's settings trigger.

Malware writers leverage this by setting the screensaver to launch the malicious EXE.

Reading your subject suggests a file was attached. If you want to see what virus it is, instead submit it to
http://www.virustotal.com/
virustotal.png
bbaoIT ConsultantCommented:
as clarified above by other experts, .SCR is just a filename extension for Windows Screensaver, which basically is an executable file in EXE format. technically, any EXE file can be renamed and loaded as a screensaver though the file is not intended to behave that way.

yes, traditionally .SCR file is a way for some virus to hide as the filename extension is not that sensitive for most average Windows end users. but technically the two things (SCR and virus) are not related at all.

if you are worried about having some virus hidden specifically in SCR files, you may scan them using any up-to-date anti-virus software, or remove any non-Microsoft SCR files especially those with an invalid Microsoft certificate.
CLAuthor Commented:
Just to give an update, installed sophos intercept x it detect the *.SCR.

It able to detect the *.SCR file but the particular folder is keep generating the *scr extension file and Sophos keep detect -> clean -> delete.

Probably need to find out the source, else need to restore the server data.

Anyway thanks for all the advice and sharing..

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.