virus problem

  • Question

  • I am using Windows Server 2003 & R2. I have already installed the NOD32 anti-virus software and Windows Update to protect the server, but now some folders or Word files are always copied in the same location with the extension ".exe", and some folders always change to the hidden attribute automatically. What can I do, sir? Please help.

    November 19, 2008, 01:46 PM

Answer

  • Dear Customer,

    As far as I know, the most likely cause of copying .exe files is malware that is running on the computer, such as a virus, worm, Trojan, backdoor, spyware application or other type of hacker tool.  Please perform the following steps to see if the problem can be resolved:

     

    1. Run a full anti-virus scan on the computer using the latest definitions, or use one of the free scanning services available on the Web. The following are links to definition updates from the most popular anti-virus software vendors:

     

    Symantec

    http://securityresponse.symantec.com/avcenter/defs.download.html

     

    McAfee

    http://download.mcafee.com/updates/updates.asp

     

    Trend Micro

    http://www.trendmicro.com/download/

     

    I appreciate your time and cooperation. If anything is unclear, please feel free to let me know. I am looking forward to hearing from you.

    Sincerely,


    Tom Zhang

    November 20, 2008, 09:18 AM
    Moderator

All replies

  • It may be due to one of the following:

    1. Out-dated virus definitions and infected by a virus

    2. Up-to-date virus definitions but still infected by a virus

    3. Hacked by somebody

    4. Normal file management activities from the network through remote desktop or something like that

    5. Actions performed by some installed applications

    6. Infected by rootkits

    7. etc...

    Since there are many possibilities, I think you have to further monitor the activities on your server before concluding the cause.  However, I would suggest you unplug your server from the network first so that you can isolate the issue.

    November 19, 2008, 01:54 PM
  • 1. Check whether any abnormal values have been added to the registry (Start > Run > regedit) under "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

    2. Check whether any abnormal services are started automatically (Start > Run > services.msc)

    3. Check the startup folder

    4. Download "Process Explorer" from Microsoft and check the details of running programs

    http://www.microsoft.com/taiwan/technet/sysinternals/utilities/ProcessExplorer.mspx

    5. Download Autoruns to check whether any abnormal services run at system startup

    http://www.microsoft.com/taiwan/technet/sysinternals/utilities/autoruns.mspx

    November 19, 2008, 03:50 PM
  • It seems that you already got infected.

    Try to remove the virus with the following method.

    1. Boot in safe mode.

    2. Check if there are any abnormal services, and disable them.

    3. Check for any abnormal programs which start automatically when Windows starts, and remove them

    (check HKLM\Software\Microsoft\Windows\CurrentVersion\Run)

    4. Write down all abnormal exe file names, use the "Search" function in Registry Editor to search for all of them, and remove them from the registry.

    5. Go to all users' folders on the server. Delete everything in

    a. C:\Documents and Settings\username\Local Settings\Temp    and

    b. C:\Documents and Settings\username\Local Settings\Temporary Internet Files

    c. C:\Documents and Settings\username\Local Settings\Temporary Internet Files\Content.IE5

    6. Delete all abnormal exe files in C:\

    November 20, 2008, 02:22 AM
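
A read-only check for the symptom described in the question, as an added example that is not part of any reply in this thread: it lists .exe files that sit next to a hidden folder or document of the same name, and deletes nothing. The root path D:\Shares is an assumed placeholder, and the script assumes Windows PowerShell 2.0 or later is installed on the server.

```powershell
# Added example (not from the thread): report .exe files that share a name with
# a hidden folder or document in the same directory.
# $Root is an assumed placeholder; point it at the share or volume to inspect.
param([string]$Root = 'D:\Shares')

$hidden = [System.IO.FileAttributes]::Hidden

# -Force makes Get-Item / Get-ChildItem return hidden and system items too.
$dirs = @(Get-Item -LiteralPath $Root -Force) +
        @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
          Where-Object { $_.PSIsContainer })

foreach ($dir in $dirs) {
    $items = @(Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction SilentlyContinue)
    $exes  = @($items | Where-Object { -not $_.PSIsContainer -and $_.Extension -ieq '.exe' })

    foreach ($exe in $exes) {
        $stem = [System.IO.Path]::GetFileNameWithoutExtension($exe.Name)

        # A sibling matches when it is hidden and is either
        #  - a folder or file whose full name equals the .exe stem
        #    ("Invoices" next to "Invoices.exe", "plan.doc" next to "plan.doc.exe"), or
        #  - a file whose base name equals the stem ("plan.doc" next to "plan.exe").
        $match = $items | Where-Object {
            $_.FullName -ne $exe.FullName -and
            (($_.Attributes -band $hidden) -eq $hidden) -and
            ($_.Name -ieq $stem -or
             (-not $_.PSIsContainer -and
              [System.IO.Path]::GetFileNameWithoutExtension($_.Name) -ieq $stem))
        } | Select-Object -First 1

        if ($match) {
            # One output object per suspect pair; pipe to Export-Csv to keep a record.
            New-Object PSObject -Property @{
                SuspectExe     = $exe.FullName
                HiddenOriginal = $match.FullName
                SizeBytes      = $exe.Length
                LastWriteTime  = $exe.LastWriteTime
            }
        }
    }
}
```

Many suspect files with the same SizeBytes value usually indicate one executable copied under different names; the list can then be compared against the entries found in the Run key, services and Autoruns checks above.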
  • Dear Customer,

     

    I just wanted to say hi, and to see how things are going. I haven't heard back from you yet and I was wondering if there are any updates on the service request.

     

    Thanks.

     

    Sincerely


    Tom Zhang

     

    November 25, 2008, 06:23 AM
    Moderator