Posted 05 October 2011 - 02:34 PM
Dear Masters of the Virus:
Yesterday my Windows Home Server (based off server 2003), running the latest version of Avast for server, detected some attempted access to malware sites and supposedly blocked them. (no browser directed me to those sites, so I assume it worked) However this was a symptom of a virus deeper down. After a few minutes I got the blue screen of death, and the computer restarted. When it came back up, the same thing happened, attempted access to sites, and then blue screen and restart.
(having a hard time getting logs for these, the computer stops working in normal or safe mode, and after a few minutes from starting it up, I cannot access any of these programs)
I can't get avast to run a scan (it says it's doing active protection, but that's it)
Log: 10/4/2011 SYSTEM 920 sign of "win32:Sirefef-O [Rtk]" has been found in "C:\Windows\2941388334:3522800976.exe" file.
Each restart, brings this running in the process tree, and I can't terminate it.
-AVG boot CD w/ updated definitions
Detected Win32/Heur virus
Detected Renosa-J [Wrm]
Detected Sirefef-O [Rtk]
Cleaned / deleted files for all (supposedly)
Current scans show no infected files
-Dr. Web CureIt (super long scan!)
Found 4 infected files and those were "deleted"
Reports the file "sbscrexe.exe" has a hidden rootkit virus
-Dr. Web Live CD
Errors loading it, so it wouldn't start.
Note: I cannot run DDS b/c of my computer being a server. I am happy to run any other scanners, etc. you need me to, just let me know!
Thanks for the help in advance, a lot of people are depending on this server (as usual I'm sure).