Morrie:
Servers have a mucxh higher responsibility than mere workstations. You don't mention what
theis "server' is for but I am sure that users require it's services.
When it comes to Servers - Security, Security and more Security !
Administrtors can would and should loose their jobs for being lax in security. The
objective is to protect a server from being infected, not cleaning infectors. While I'm not
sure their viruses, I am pretty sure you have malware. Such malware as spyware can be as
disasterous as if not more than viruses.
You don't mention HOW someone "downloaded some program(s) on to a server" but you must
*never* let that happen, ever.
Enough lecturing...
1) Download the following three items...
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp
Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp
Adaware SE (personal free version)
http://www.lavasoftusa.com/
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
Download sysclean.com and place it in that directory.
Dowload the signature files (pattern files) by obtaining the ZIP file.
For example; lpt210.zip
Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.
2) Update Adware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point
You can also try some of the below online scanners.
Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com
F-Secure:
http://support.f-secure.com/enu/home/ols.shtml
McAfee:
http://www.mcafee.com/myapps/mfs/default.asp
Panda:
http://www.pandasoftware.com/activescan/
Kaspersky:
http://www.kaspersky.com/de/scanforvirus
Symantec:
http://security.symantec.com/
BitDefender
http://www.bitdefender.com/scan/license.php
Freedom Online scanner
http://www.freedom.net/viruscenter/index.html
* * * Please report your results ! * * *
Dave
| Someone downloaded some program(s) on to a server. I DO NOT believe these are
| Win2K programs.
|
| I tried to rename them to *.bad, like Eda76.exe.bad but some how they keep
| coming back under a changed name, like Jlyov72.exe.
|
| The names are like:
|
| Eda76.exe, Xej7.exe, HvgkmB.exe, Gqa0w.exe, Jwdj.exe, MipL9X4.exe,
| NqodOyk.exe, Qzr0w1A.exe, LerQ.exe, RxyRb.exe, Sovr.exe, ToeID.exe,
| PurX6.exe, etc.
|
| They are in DIR C:\WINNT\system32
|
| They can be seen running in Task manager.
|
| If I terminate them, they just start up again!
|
| Has anyone seen these type of programs running? Anyone know how to get rid
| of them? Point me to some other sites for help?
| --
| Thanks
|
| Morrie