Windows Server 2003 anti-virus and firewall?

G

Guest

I have just gotten hit with a virus that has taken over my windows scripting
host.
I had the Windows firewall enabled for a long time, but needed to piggyback
multiple IPs onto one controller. I had to turn off the firewall from windows
because it can't handle that setup.

I now have some wburgm.exe in my system32 directory and it is running in
memory. There is a registry entry for it under:

[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"Internet Explorer"="wburgm.exe"

1. What is the best Antivirus for Windows Server 2003 that will kill this
worm virus for good?

2. I need a pointer to a 3rd party firewall (that is tested against W2003
Server) that I can configure so it won't interfere with my Windows Media
Services 9 running on the server? Also one that can handle multiple IPs on
one NIC card.

Thank you for any information.

Doug
 
D

David H. Lipman

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

You can submit a sample of the infector to Virus Total and it will be tested against 10 AV
vendors and you will know what you are up against in a minute or two.
http://www.virustotal.com/flash/index_en.html

You can also perform the following...

1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Dowload the Trend Pattern File by obtaining the ZIP file.
For example; lpt244.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point

You can also try some of the below online scanners.

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

RAV
http://www.ravantivirus.com/scan/

Symantec:
http://security.symantec.com/

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com


* * * Please report your results ! * * *

Dave




| I have just gotten hit with a virus that has taken over my windows scripting
| host.
| I had the Windows firewall enabled for a long time, but needed to piggyback
| multiple IPs onto one controller. I had to turn off the firewall from windows
| because it can't handle that setup.
|
| I now have some wburgm.exe in my system32 directory and it is running in
| memory. There is a registry entry for it under:
|
| [HKEY_CURRENT_USER\Software\Microsoft\OLE]
| "Internet Explorer"="wburgm.exe"
|
| 1. What is the best Antivirus for Windows Server 2003 that will kill this
| worm virus for good?
|
| 2. I need a pointer to a 3rd party firewall (that is tested against W2003
| Server) that I can configure so it won't interfere with my Windows Media
| Services 9 running on the server? Also one that can handle multiple IPs on
| one NIC card.
|
| Thank you for any information.
|
| Doug
|
|
 
D

David H. Lipman

UPDATE
McAfee has created an interim EXTRA.DAT file for this infector and will be added to a future
DAT release.

Dave ;-)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Firewall, Anti virus, anti spyware 5
Firewall and Anti Virus problem 3
Windows firewall is broken and can't run anti-virus 3
Virus has disabled windows firewall? 9
Windows Firewall fails to start after reboot... 3
Firewall and Anti Virus 2
Windows Firewall vs. NPF 2
Windows Firewall startup - Suprising problem. 4

Top