Windows Server 2003 anti-virus and firewall?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have just gotten hit with a virus that has taken over my windows scripting
host.
I had the Windows firewall enabled for a long time, but needed to piggyback
multiple IPs onto one controller. I had to turn off the firewall from windows
because it can't handle that setup.

I now have some wburgm.exe in my system32 directory and it is running in
memory. There is a registry entry for it under:

[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"Internet Explorer"="wburgm.exe"

1. What is the best Antivirus for Windows Server 2003 that will kill this
worm virus for good?

2. I need a pointer to a 3rd party firewall (that is tested against W2003
Server) that I can configure so it won't interfere with my Windows Media
Services 9 running on the server? Also one that can handle multiple IPs on
one NIC card.

Thank you for any information.

Doug
 
There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

You can submit a sample of the infector to Virus Total and it will be tested against 10 AV
vendors and you will know what you are up against in a minute or two.
http://www.virustotal.com/flash/index_en.html

You can also perform the following...

1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Dowload the Trend Pattern File by obtaining the ZIP file.
For example; lpt244.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point

You can also try some of the below online scanners.

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

RAV
http://www.ravantivirus.com/scan/

Symantec:
http://security.symantec.com/

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com


* * * Please report your results ! * * *

Dave




| I have just gotten hit with a virus that has taken over my windows scripting
| host.
| I had the Windows firewall enabled for a long time, but needed to piggyback
| multiple IPs onto one controller. I had to turn off the firewall from windows
| because it can't handle that setup.
|
| I now have some wburgm.exe in my system32 directory and it is running in
| memory. There is a registry entry for it under:
|
| [HKEY_CURRENT_USER\Software\Microsoft\OLE]
| "Internet Explorer"="wburgm.exe"
|
| 1. What is the best Antivirus for Windows Server 2003 that will kill this
| worm virus for good?
|
| 2. I need a pointer to a 3rd party firewall (that is tested against W2003
| Server) that I can configure so it won't interfere with my Windows Media
| Services 9 running on the server? Also one that can handle multiple IPs on
| one NIC card.
|
| Thank you for any information.
|
| Doug
|
|
 
UPDATE
McAfee has created an interim EXTRA.DAT file for this infector and will be added to a future
DAT release.

Dave ;-)
 
Back
Top