Network in Trouble

Discussion in 'Networking' started by ra_sriniketan, Jan 26, 2006.

Thread Status:
Not open for further replies.
  1. ra_sriniketan

    We have a network in our college with about 120 computers in a LAN running under Windows 2000 Server. Suddenly one day, while browsing the Internet, the mouse pointers on all the PCs froze and the keyboards stopped working, although CTRL+ALT+DEL still works. The NETSERVER subsequently stopped working after manually restarting all the PCs. Formatted the NETSERVER but am unable to install any anti-virus software. Whenever we try to click on the setup icon, the anti-virus folder closes and goes back to the desktop. Is this a virus? No virus alert is given, though. We are in big trouble. HELP.
     
  2. phatratt

    Yup, looks like a virus/trojan infestation. If you can access Task Manager by pressing Ctrl+Alt+Del, check if there are any .exe programs with strange names.
     
  3. OP
    ra_sriniketan
    OK. Here are some more things that might give you guys some clues. Saw lots of zip files in the drives with strange names. Also the machines are showing "low on virtual memory". While shutting down, all the machines show "winzip encountered an error". If I unplug the network, the machines run absolutely OK. Are there any patches to solve this problem?
     
  4. mediator

    Yup, definitely some virus, because you said a lot of zip files with strange names!
    This is what you can do... try it!
    Share the whole hard disk of the infected PCs with both read/write enabled, and connect to another non-infected PC with a good updated antivirus. Now open the infected PC's hard disk from the clean PC and do a virus scan!
    You can scan the server first and then all the remaining PCs through the server!
     
  5. OP
    ra_sriniketan
    OK, will try, but on most of the PCs the antivirus also crashed. Using Avast. Is it good enough?
     
  6. digen

    That sums up things for me. A virus/worm infection circulating in the network.

    The first and foremost thing you should do is unplug any/all machines which have internet access. This certainly minimizes the further risk or damage of a malicious program causing havoc or phoning home.

    The next step would be to scan the machines one by one for viruses, spyware and the like.

    Aren't these machines running an AV? Which OS are the host machines running?

    Installing and scanning using a freebie AV like AVG would be good for a start.
     
  7. OP
    ra_sriniketan
    OS: Windows 2k Professional. Using Avast, but most of the installations got corrupted and we are not able to reinstall it. Whenever we try to install, the anti-virus folder that contains the setup file shuts down automatically and goes back to the desktop; this happens with Norton 2003 too.
     
  8. OP
    ra_sriniketan
    The dubious processes that are running are:
    smss.exe, SMAgent.exe, csrss.exe, Smax4.exe, Smax4PNP, hellmsn.exe, winzip.exe. If I end hellmsn and winzip, the PCs seem to run OK for some time. It's creating lots of zip files on the HDD. Can someone please tell me what the name of this virus/trojan/worm is and what the remedy is? If anyone wants to know about all the processes, I can write them down. Please help, it's very urgent.
     
  9. phatratt

    Smax4.exe, hellmsn.exe

    These two exes look like some virus names. Try to boot in safe mode and remove them from msconfig, then search for the exe files by the names mentioned above and delete or rename them IF POSSIBLE. It's just an experiment; I don't know whether it will work or not, but just give it a try.
    8)

    Also, smss.exe and csrss.exe are critical tasks of WinXP/2k; you can't just open Task Manager and kill them, but these two files are easily targeted by worms, which disguise themselves under these file names.
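
Added example (not part of the original thread or any poster's reply): a triage check for the disguise described in the post above, where a process borrows the name of smss.exe or csrss.exe. It assumes a process listing with full image paths is available from some tool and that Windows is installed in the default `C:\WINNT`; the sample listing is constructed.

```python
import ntpath

SYSTEM_ROOT = r"C:\WINNT"  # assumption: default Windows 2000 install root
# The two critical processes named in the thread and the folder they normally run from.
EXPECTED_DIR = {
    "smss.exe": ntpath.join(SYSTEM_ROOT, "system32"),
    "csrss.exe": ntpath.join(SYSTEM_ROOT, "system32"),
}

def edit_distance(a, b):
    """Levenshtein distance, used to catch lookalike names such as 'csrs.exe'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(image_paths):
    """Return (image path, reason) for entries that deserve a closer look."""
    findings = []
    for path in image_paths:
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in EXPECTED_DIR:
            # Right name, wrong folder: the real binaries live only in system32.
            if folder != EXPECTED_DIR[name].lower():
                findings.append((path, "system name outside system32"))
            continue
        for real in EXPECTED_DIR:
            # One character away from a critical name is a common disguise.
            if edit_distance(name, real) == 1:
                findings.append((path, "lookalike of " + real))
                break
    return findings

# Constructed sample listing (not data from the thread).
SAMPLE = [
    r"C:\WINNT\system32\smss.exe",
    r"C:\WINNT\system32\csrss.exe",
    r"C:\WINNT\csrss.exe",
    r"C:\WINNT\system32\csrs.exe",
    r"C:\Program Files\Example\notepad2.exe",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason:32} {path}")
```

A flagged entry is a lead for scanning that file from a clean system, not proof of infection.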
     
  10. mehulved

  11. OP
    ra_sriniketan
    Thanks mate for the confirmation of the trojan name, but is there any tool or patch with which I can kill it? Because I have already used the Mytob patch from the Microsoft security bulletin, and it's not working on this Mytob variant.
     
  12. mehulved

    Check it out on the Symantec website; they will most probably have the virus removal tool. Read the instructions in the link I provided you to the Symantec site.
     
  13. __Virus__

    Don't you use a good antivirus or what?
     
  14. mehulved

    A virus asking for an antivirus, lol. BTW he has mentioned using Avast and Norton anti-virus. But I don't know if he updated it often enough and kept it turned on or not. Or maybe he tried to dig a well when the house was on fire, i.e. tried to install anti-virus when his network was already infected.
     
  15. OP
    ra_sriniketan
    Formatted the NETSERVER totally, including all the drives, as a stand-alone machine. Updated the Avast anti-virus on 29.01.06. It caught a worm named W32 VB-CD.worm; it failed to repair it but deleted it. But it started to create a winzip.tmp file in the C drive and also some strange zip files in the other drives. Deleted them. Any solution? Because it seems it might attack again.
     
  16. __Virus__

    As you mentioned, you already formatted the server, so it seems the problem is not with it. Maybe a machine on your LAN is affected. As siri or some mod pointed out, why don't we disconnect all the machines from the internet as well as the LAN and give each a thorough full system scan with a good antivirus (I would always suggest Kaspersky; different people have different views), so that might probably help you out.
     
  17. OP
    ra_sriniketan
    Almost all the machines are affected. OK, I'll give it a try.
     
  18. __Virus__

    Do keep us updated.
     
  19. mehulved

    Man this is gonna be major trouble if all the machines are affected. Also a good firewall with an anti-virus will help a lot.
     
  20. OP
    ra_sriniketan
    Two viruses/worms have affected the machines: Win32.Mytob and Win32.Blackmal(VB-CD).E. Downloaded the removal tools from the Symantec site. All the machines got affected by the Win32.Blackmal one and about 70% are affected by both. The tools are removing the viruses from the machines very effectively, but after some time all the machines are getting affected again. The main problem is that the machines are not able to run any software which requires a little bit of memory, like Photoshop or even scanner software. After I formatted the netserver I downloaded and installed the 29.01.06 update of Avast anti-virus, but today it crashed, and any anti-virus is crashing on all the machines. After wiping out the Win32.Mytob worm, the removal tool gives a message to download two patches from the Microsoft security bulletin, one of which I have already installed with no effect on this Mytob variant, and the other one is for shared server 5.5. But there are no such patches for Win32.Blackmal. I have separated about 50 machines from the network and removed all the viruses so that all the software runs. Should I unplug and remove the viruses from all the machines and then log them back into the network? Is there any free anti-virus for Windows 2000 Server? I am totally confused and in a mess. Please help.
     