Re: Server Infected by virus and unable to clean

Re: Server Infected by virus and unable to clean
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Re: Server Infected by virus and unable to clean Peter Foldes 05-31-2007
Posted by Peter Foldes on May 31, 2007, 2:04 am
If you were  Registered and logged in, you could reply and use other advanced thread options
posted to the public.security.virus via crosspost

.

> running windows 2003 server and infected iwth a virus
> the virus has disabled regedit, taskmanager and hides all desktop =
icons. it=20
> terminates any program including antivirus thats started. I have tried =
to run=20
> patches and service packs but this are terminated also. Is there any =
way i=20
> acn stop the virus from terminating the scan or a way of accessing the =

> registry without using regedit/regedit 32 command?
> any patch available that can run without being terminated by the =
virus?
> initial alerts were showing the virus to be Rontobro.b@mm
> i dont want to format the server
> any help?
> --=20
> frank

Posted by Malke on May 31, 2007, 8:34 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Peter Foldes wrote:
> posted to the public.security.virus via crosspost
>
> .
>
>> running windows 2003 server and infected iwth a virus
>> the virus has disabled regedit, taskmanager and hides all desktop icons. it
>> terminates any program including antivirus thats started. I have tried to run
>> patches and service packs but this are terminated also. Is there any way i
>> acn stop the virus from terminating the scan or a way of accessing the
>> registry without using regedit/regedit 32 command?
>> any patch available that can run without being terminated by the virus?
>> initial alerts were showing the virus to be Rontobro.b@mm
>> i dont want to format the server
>> any help?
>> --
>> frank

To the OP: I'm sorry that you don't want to format the server but that
is your only correct course of action. Flatten it and apply your most
recent backup image. Don't have an image? Then you'll need to rebuild
the server completely. Figure out where your security fell down and fix
those holes. Then create and implement a backup and disaster strategy.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by jen on May 31, 2007, 12:52 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> running windows 2003 server and infected iwth a virus
> the virus has disabled regedit, taskmanager and hides all desktop
> icons. it
> terminates any program including antivirus thats started. I have tried
> to run
> patches and service packs but this are terminated also. Is there any
> way i
> acn stop the virus from terminating the scan or a way of accessing the
> registry without using regedit/regedit 32 command?
> any patch available that can run without being terminated by the
> virus?
> initial alerts were showing the virus to be Rontobro.b@mm
> i dont want to format the server
> any help?

See here(it's Rontokbro not Rontobro):
W32.Rontokbro.B@mm:
http://www.symantec.com/security_response/writeup.jsp?docid=2005-100313-3908-99&tabid=2
Tool to reset shell\open\command registry keys:
http://securityresponse.symantec.com/avcenter/UnHookExec.inf

-jen



Posted by =?Utf-8?B?TWlsbyAoTVNQU1Mp?= on June 1, 2007, 4:43 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Call this number 866 727 2338
this is Microsoft Security Toll Free and Free Support number
--
Milo
MSPSS


"jen" wrote:

> > running windows 2003 server and infected iwth a virus
> > the virus has disabled regedit, taskmanager and hides all desktop
> > icons. it
> > terminates any program including antivirus thats started. I have tried
> > to run
> > patches and service packs but this are terminated also. Is there any
> > way i
> > acn stop the virus from terminating the scan or a way of accessing the
> > registry without using regedit/regedit 32 command?
> > any patch available that can run without being terminated by the
> > virus?
> > initial alerts were showing the virus to be Rontobro.b@mm
> > i dont want to format the server
> > any help?
>
> See here(it's Rontokbro not Rontobro):
> W32.Rontokbro.B@mm:
>
http://www.symantec.com/security_response/writeup.jsp?docid=2005-100313-3908-99&tabid=2
> Tool to reset shell\open\command registry keys:
> http://securityresponse.symantec.com/avcenter/UnHookExec.inf
>
> -jen
>
>
>

Similar ThreadsPosted
How to clean an infected computer? October 30, 2007, 2:27 am
Web Server infected? September 16, 2005, 2:58 pm
Clean Clean DocumentEmail MicrosoftInternetExplorer4 January 26, 2006, 11:27 am
Virus Persists After Clean-Install October 23, 2006, 6:01 pm
Win 2K Server anti virus July 25, 2005, 4:49 pm
Couldn't log into Windows Server because of a virus January 21, 2007, 4:31 am
Anti-Virus on Server - Advice September 8, 2005, 7:33 am
setiathome virus on a 2003 server October 24, 2005, 3:20 am
How to get infected by virus? February 15, 2007, 10:18 pm
pc infected but cannot find the virus February 5, 2006, 11:35 am

The site map in XML format XML site map

Contact Us | Privacy Policy