Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


EEK! I have just got a security system virus in hospital network.

  • This topic is locked This topic is locked
3 replies to this topic

#1 picturecar


  • Members
  • 41 posts
  • Local time:03:13 PM

Posted 13 April 2010 - 11:21 AM

A network user utilizing remote desktop got the security virus scan virus that emulates windows 7 desktop. I ran Malwarebytes and Superantispyware registered on server. I do have a Hijack this log as well.

I was thinking of running fake virus remover but want your thoughts. do I post log here.

OS server 2003 and workstations arer smart terminals with remote desktop and some are dumb terminals.


BC AdBot (Login to Remove)


#2 buddy215


  • BC Advisor
  • 12,881 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:13 PM

Posted 13 April 2010 - 02:14 PM

Your best bet is to update SAS and MBAM and scan again. Both programs update 2 or more times each day to keep up with the malware.
The rogue security programs are constantly changing file names, etc. to hide from the legit security programs.

You should post the logs of the original scans and any new logs in the "Am I Infected, What Do I do" forum.
DO NOT post HJT unless asked to do so.

The infected computer needs to be cleaned up, too. Remove all temporary files, caches, logs, etc. using Windows Cleanup or
your favorite cleaning program.

Once the computer is cleaned up and malware free, you should remove ALL restore points as some are likely infected.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 picturecar

  • Topic Starter

  • Members
  • 41 posts
  • Local time:03:13 PM

Posted 13 April 2010 - 03:17 PM

Thanks Buddy I appreciate that I will go to the Am I Infected, What Do I do forum

I will create new restore points, had not thought of that, thanks.

I did update both programs and then I scanned and ran the Hijack this.


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,804 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:13 PM

Posted 13 April 2010 - 09:54 PM

Since you have a topic posted here: http://www.bleepingcomputer.com/forums/t/309474/2003-server-r2-infected-with-security-virus/ I'm going to close this one to avoid confusion.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users