
SBS 2008 issues after CryptoLocker



#1 Michael.Talbert


Posted 19 August 2014 - 10:20 AM

Hello guys,

 

First off, let me start by saying thanks for all the info you guys have put up over the years; it's always been helpful. Now on with the problem.

 

 

I have an SBS 2008 server that got the CryptoLocker virus about 2 months ago, and we have cleaned it and used your instructions to remove the virus. We did lose data, but we had a backup so loss was minimized. However, we are still having issues with processes not closing out on the server. Even after the program is closed it is still showing open. I did not notice this till I got an issue with their Datto backup where it would cause the process to hang and not close. When I went to kill the process in Task Manager I found hundreds of processes called platform_handler.exe.

Attached file: process.jpg (130KB)

I cannot kill the process either. I have run antivirus, ESET, Symantec, Emsisoft, and all have not detected anything. Any help would be great.

 

 

Thanks

Michael




#2 sflatechguy


Posted 19 August 2014 - 12:15 PM

If you right-click them and check the properties, where is the file for this process located? Can you check to see what services, if any, are associated with this process?

 

That exe file is most often associated with either Google Chrome or Java. Since it's unlikely you would have either installed on a server, I would say those are probably leftovers from the cryptovirus.
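
The checks asked for in the reply above (file location and associated services), plus parent process and signature, can be gathered in one pass. This is an added example, not part of the original thread; it assumes an elevated PowerShell 2.0 or later session on the server and uses the image name from the first post.

```powershell
# Added example (not from the thread): triage a process name that is running
# in unusually large numbers. Run elevated so ExecutablePath is populated.
# Uses Get-WmiObject so it also works on PowerShell 2.0 (Server/SBS 2008).
$Name = 'platform_handler.exe'   # image name taken from the first post

$procs = @(Get-WmiObject Win32_Process -Filter "Name='$Name'")
"{0} instance(s) of {1}" -f $procs.Count, $Name

# 1. Where is the file located? More than one path for the same image name,
#    or a path under a user profile or temp folder, deserves a closer look.
$procs | Group-Object ExecutablePath | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 2. Which process launched them? The parent usually identifies the product.
#    A blank ParentName means the parent has already exited.
$names = @{}
Get-WmiObject Win32_Process | ForEach-Object { $names[[int]$_.ProcessId] = $_.Name }
$procs | Group-Object ParentProcessId | ForEach-Object {
    New-Object PSObject -Property @{
        Count      = $_.Count
        ParentPid  = $_.Name
        ParentName = $names[[int]$_.Name]
    }
} | Format-Table Count, ParentPid, ParentName -AutoSize

# 3. Which services run from the same folder as the image?
$dirs = @($procs | Where-Object { $_.ExecutablePath } |
    ForEach-Object { (Split-Path $_.ExecutablePath -Parent).ToLower() } |
    Sort-Object -Unique)
Get-WmiObject Win32_Service | Where-Object {
    $svc = $_
    $svc.PathName -and ($dirs | Where-Object { $svc.PathName.ToLower().Contains($_) })
} | Select-Object Name, DisplayName, State, PathName | Format-List

# 4. Is the binary signed, and by whom?
$procs | Where-Object { $_.ExecutablePath } |
    ForEach-Object { $_.ExecutablePath } | Sort-Object -Unique |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_ } |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }, Path |
    Format-List
```

The install folder and signer from steps 1 and 4 tie the image to a vendor product, and the service list from step 3 shows what to stop or uninstall instead of killing instances one by one.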



#3 Michael.Talbert


Posted 19 August 2014 - 01:26 PM

I think I narrowed it down. I found that Intel Active System Console was installed and the process_handler.exe file was associated with it. I was able to uninstall it as they really don't need it because we have a different monitoring software installed. Once I restarted, it cleared the queue and it is now running at about 125 processes instead of over 1000. Thanks for the help; if I need anything else I will post back.

 

Thanks

Michael



#4 sflatechguy


Posted 19 August 2014 - 01:31 PM

That's good. That's one of those generic process names that could be associated with just about anything.
Glad you got that resolved.



