
Malware blocking network access...



#1 bowlernick


Posted 20 June 2013 - 02:27 PM

Hi gang.  I have a client that has 5 workstations - all running Windows XP Professional and running Windows 2000 on the server.  Yesterday, they called, complaining that one of the workstations could not connect to the Internet and lost network connectivity.  I went in, brought the system back to my office.  Interestingly, I plugged the system in and had an Internet connection.  I started the system in safe mode with networking and ran the following: TDSS Killer, Rkill, Malwarebytes.  Malwarebytes reported pum.bad.proxy.  It removed it.  I wasn't satisfied with the resolution and googled the malware.  A post from this site suggested running SuperAntiVirus, so I installed and ran that.  It found numerous cookies and tossed them (it tosses its cookies.  :-) ).  A second scan showed clean results.  I checked the LAN settings and they were fine.

 

I returned the system to the client and found that another system was suffering from the same thing.

 

I hooked up the initial system and brought back the second system... same results as the first system above.  I got a call from the client about 20 minutes saying the same thing had happened again.

 

I am now thinking there is something on the server causing the problem as it seems the malware is making its rounds throughout the network.  As I mentioned, the server is running Windows 2000 - so I can't load my preferred malware removal software.  As Windows 2000 is no longer supported, I'm not about to do the old fashioned wipe and reload.  I don't even know if they have the original install CDs.

 

Their tape backup failed long ago and they aren't spending any money on replacement backup software until they replace their technology.

 

Any suggestions?  I believe the malware is on the server... could the server have been hijacked?

 

Thanks!

 

 


 


#2 bowlernick


Posted 21 June 2013 - 08:17 AM

Update: One of the systems that has/had this issue started up fine this morning.  I had this system in my office last night and it connected fine.  I scanned for viruses, including an Avast! boot time scan... no malware.  I brought it back to this office and it's connecting and I have server access.





