Re: .exe files are not executing.

From: Malke (malke_at_nospoonnotreally.com)
Date: 10/13/04 

Date: Wed, 13 Oct 2004 05:22:21 -0700

shahid hussain wrote:

> on windows 2000 server domain controller, all exe files are not
> executing, otherwise the system is ok. when i try to run an exe file
> it gives the error that file is not found and cannot be run but
> actually the file is present on the system.
> how can i solve this problem.

You have a virus. It could be an old one like Pretty Park or Sircam, or
it could be a newer trojan. I'm still cleaning a laptop yesterday that
had this exact problem. I'll give you some links to how to get the .exe
files working again so you can run virus scans, etc.

http://support.microsoft.com/kb/q311446/
http://support.microsoft.com/kb/q310585/
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optixpro.12.b.html

What is particularly important in your case - because you are running a
server - is the name of the file that is being run every time an
executable is called. For instance, as described in the Symantec
article, if you go to this key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

the file name that is in front of the real command, for example:

winampw.exe "%1" %*

will be your virus name. The laptop I'm cleaning had that one and
Googling for "winampw.exe" brought me to the Symantec article. You
should note that this particular virus is a trojan horse that steals
passwords and other information, and if you have a trojan on your
server, the server is compromised. Depending on your particular trojan,
the best practice (IMO) is to take down the network, wipe the server,
and apply your most recent backup image. For safety's sake, you should
also take down the network and run antivirus scans on all workstations.
You probably also should look at your security practices on the server
to determine how it got infected and to prevent it from happening
again.

Good luck,

Malke 

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

Relevant Pages

  • Re: Pesky virus
    ... I'm no expert at this but I did some reading and was under the impression that people will use your mail server to send emails and that there's not a lot that can be done about it. ... > non-espersunited.com email account an email from someone I don't know ... >> with an .exe file as an attachment. ... >> that they had a virus. ...
    (Fedora)
  • RE: [Full-Disclosure] New virus?
    ... The server that is ... Subject: New virus? ... It is a trojan - TROJ_BANCOS.BW or a variant. ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
    (Full-Disclosure)
  • Re: Is VMS losing the Financial Sector, also?
    ... On Behalf Of Bill Gunshannon ... Is VMS losing the Financial Sector, ... One of their Customers was running Windows Server and was down for 2 ...
    (comp.os.vms)
  • Re: Information Store taking all available memory.
    ... There are cases where the virus software is scanning things it should not ... The aforementioned should be excluded in the virus software. ... Do Not Back Up or Scan Exchange 2000 Drive M ... Understanding Virus Scanning API 2.0 in Exchange 2000 Server ...
    (microsoft.public.exchange2000.information.store)
  • Re: Frustrated with Trend CSM!
    ... You must exclude them from Officescan, ... Click on your SBS computer icon, and set the client priveliges to your ... settings for the server versus the clients. ... > "Virus successfully detected, but infected file can neither be cleaned nor ...
    (microsoft.public.windows.server.sbs)
Quantcast