Jump to content

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


unhide and Windows Server 2008 R2

  • Please log in to reply
5 replies to this topic

#1 Albertonex


  • Members
  • 2 posts
  • Local time:03:40 AM

Posted 30 May 2012 - 04:54 AM

Hello, this is my first post here :-)
It seems that the evil virus that hides the 99,98% of files on windows is really NOT detected by standard anviruses, but let me thank unhide.exe for have made relive a Windows 7 64Bit start menu of a pc that got hitted by this kind of virus :-))

Now my question, i've a server running Windows Server 2008 R2 that got hitted by Alureon/FE virus that hided tons of files and the links on start menu.
Now the system is up again (we've un-hided manually the files via attrib because it happened over one month ago and we didn't knew about unhide.exe) but the start menu is still compromised. I've tried to run unhide.exe but it says that Windows Server 2008 isn't a supported os....

There is any other way? Else i will have to reinstall the os and all the applications...
Thanks for the help !

BC AdBot (Login to Remove)


#2 Nate15329


  • Members
  • 91 posts
  • Gender:Male
  • Local time:08:40 PM

Posted 30 May 2012 - 11:22 PM

Since your server was hit by a virus, I would start from a clean state due to the high possibility of an infection is still there and also increase the server's security, so that would most likely not to happen again. Also, after you have rebuilt & reconfigured the server, I suggest you to disk image it for a quick restore. Also, I hope you guys know that user information may have been leaked as well.

Here's info about the virus and how to basically to prevent it for anyone who wants to know: link

#3 cryptodan


    Bleepin Madman

  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:40 AM

Posted 01 June 2012 - 10:46 PM

How did the server become infected with this rootkit?

This would mean that someone was actively using it to surf the internet, or introduced malicious software into the environment via CD or Flash Drive.

#4 Albertonex

  • Topic Starter

  • Members
  • 2 posts
  • Local time:03:40 AM

Posted 06 June 2012 - 09:12 AM

We don't know, but users access it via TS Services. It was probably a pen drive or something like this...
Anyway i've got it back all the missing .lnk files from another server and now is definitely fixed with all the shields up :-)

#5 amesian


  • Members
  • 1 posts
  • Local time:06:40 PM

Posted 04 December 2012 - 05:25 PM

So is there an unhide.exe for windows server 2008 r2?

#6 Animal


    Bleepin' Animinion

  • Site Admin
  • 28,878 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:05:40 PM

Posted 04 December 2012 - 06:39 PM

No that OS is unsupported. http://www.bleepingcomputer.com/download/unhide/

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)

"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

Follow BleepingComputer on: Facebook | Twitter | Google+

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users