Announcement

Collapse
No announcement yet.

Server Infected with Win32/Parite.B

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Server Infected with Win32/Parite.B

    Server is a Windows 2003 R2. Single server domain - about 8 PCs.

    When I was called in, there was no Anti-Virus software on the server, all of the PCs have MS Secuturity Essentials on them. First clue was a workstation stopping this virus when accessing the server for a shared file. The PCs seem to be defending themselves, but the server is not. (Oh and yes the server was being used as a workstation - by a person with full admin rights. I have advised the owner NOT to allow this again...)

    I installed Security Essentials (MSE) on the server (made the installer think it was XP) and ran check - found more than 1K files infected with the virus. MSE says it deisinfected them, but every couple of seconds, I get 10-15 more infection notices via the "real time" scan. I've tried scanning in safe mode - still persists.

    Here's the problem - the owner doesn't have the original Windows Server discs, nor can he afford to buy new ones, or pay me to rebuild the small domain. Since this is office, he also can't afford to be down more than a weekend. So I'm looking for more effective removal tools that are free and will leave the server functional.

    This appears to be an old virus, but I can't seem to stop it. Any help will be appreciated.
    Last edited by ScatterBrain; 18th August 2011, 22:05. Reason: Added additional information
    --

    ScatterBrain

    "I reject your reality and substitute my own!"
    -- The Mythbusters

  • #2
    Re: Server Infected with Win32/Parite.B

    Try MalwareBytes and some of the standalone virus checkers e.g. McAfee Stinger
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Server Infected with Win32/Parite.B

      Ossian, thanks for the Stinger suggestion. I'm running it now. I've already tried Malwarebytes.

      So far Stinger has located the virus in about a dozen files and has repaired them all. We'll see if it truly illiminates it. (I truly hope so.)

      More to follow as I know more.
      --

      ScatterBrain

      "I reject your reality and substitute my own!"
      -- The Mythbusters

      Comment


      • #4
        Re: Server Infected with Win32/Parite.B

        if the virus is out of control, meaning it spread faster then you can cleanup, try rkill.
        http://www.bleepingcomputer.com/down...ti-virus/rkill

        Then before rebooting, do a virus scan + malwarebytes + pray.
        "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

        Comment


        • #5
          Re: Server Infected with Win32/Parite.B

          Looks like a combination of Stinger and targeted deletions took care of the server. Thanks to all that helped!
          --

          ScatterBrain

          "I reject your reality and substitute my own!"
          -- The Mythbusters

          Comment

          Working...
          X