Help! my server is toast, new virus!


4 replies to this topic

#1 KATHLEENW

Posted 28 April 2011 - 02:25 PM

Even Combofix cannot be installed, or any other virus software; it's blocked. Even in safe mode it says that Combofix, AVG, Norton, and McAfee are all not compatible with the OS, which is of course incorrect.

The service host exe has a weird service that says it's "starting" but never does; it spins and takes up all the CPU. It already ate one hard drive on another PC in my office.

It says it is the Config Installer, with a svchost.exe start up. If you try to turn it off or disable it, it says Access Denied. It poses under different names, and on another server it calls itself Drive boot, same issue. I can't get any files with the same name to delete in the registry either.

Has anyone seen this, is there anything I can do?


#2 Blade


Posted 28 April 2011 - 04:18 PM

Hello

I take it this is a business computer?

If so, I strongly recommend that you ask your IT support/network Administrator to fix this. After all, they are paid to do so.

I ask this for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting a Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.

If this is not an option or you wish to try and continue, you will need to follow the instructions in This Guide starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

I should finally warn you that malware removal is a hazardous undertaking, especially in this sort of situation. We will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for us to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and we cannot guarantee the safety of your system.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 KATHLEENW


Posted 28 April 2011 - 04:21 PM

Thanks, but I was really asking if anyone has seen this virus and its characteristics. None of the main virus softwares have a way around it, and none of them work. It's already jumped computers, 3 that I know of. I don't actually have an administrator on site, other than basic network support. And they haven't seen this either.

And also, one scanner did say it removed infected files, then that server won't reboot at all, it's toast, so this thing is booby trapped on all sides.

#4 Blade


Posted 28 April 2011 - 04:39 PM

Honestly, without careful analysis there's no way to identify the particular infection at work here. There could be any number of infections that cause the symptoms you describe.



#5 KATHLEENW


Posted 28 April 2011 - 05:09 PM

OK, well, the virus will not allow us to download any programs at present; we are trying to get around that. Thanks for your reply.



