Server 2003 and workgroup wierd virus.., I've never come across this and need help re

Discussion in 'Malware Help (A Specialist Will Reply)' started by ChrisKaelin, Sep 30, 2008.

  1. ChrisKaelin

    ChrisKaelin Private E-2

    Hello,

    I’ve been having a weird problem with the server and the workgroup computers. It seems that all of them are infected with the same virus. However, no VP software can pick it up and I haven't come across something like this before. Here is what is happening (across the board, even the server as well):

    1. When you try to access any network drive it asks you to select a program like it would an unknown file type. (I wrote a batch file that launches the network drive in explorer for the office personnel to get around for the time being).
    2. The year is set back to 2000
    3. After a time period no applications can be accessed, similar to the activation wizard lockout procedure but the start menu can still be accessed.(you can't even create a new tab in explorer, right click also disabled)


    ummmm?

    P.S. //ip127.cn[ is also registering on everyone's computer... I know that this is a known problem. I have removed it and I do not think it's the cause of these problems... However, I may be wrong...

    Thanks,
    Christopher Kaelin
     
    ChrisKaelin, Sep 30, 2008
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Server 2003 and workgroup wierd virus.., I've never come across this and need hel

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
    chaslang, Oct 2, 2008
    #2
  3. ChrisKaelin

    ChrisKaelin Private E-2

    Re: Server 2003 and workgroup wierd virus.., I've never come across this and need hel

    Thanks but I already corrected the issue.. I identified the worm as WORM_GEXIN.D, looked in my virus protection's "virus encyclepedia", reviewed the removal method (which envolved starting in safemode and correcting the registery). I then shut down my switchboards and went computer by computer following the procedure and following up with a virus scan.... In the end all was good..

    :D
     
    ChrisKaelin, Oct 4, 2008
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Server 2003 and workgroup wierd virus.., I've never come across this and need hel

    You're welcome.

    I'm happy to hear you have fixed your problem.
     
    chaslang, Oct 4, 2008
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds