timmev, Posted May 6, 2008
So, on our network at work we have a virus called "rejoice46.exe", but no anti virus, anti spyware, anti anything will pick it up. I googled it, nothing happened. By standard, we just deleted the file, but it comes back and then stops you from entering certain locations of your hard drive. Obviously, a reformat will rid the system of it, but in a network of over 200 computers, we don't have the time to do this, and reinstall all the programs and data. Any suggestions? Because at the moment I'm stumped. It feels as if I just have to sit there and let this thing infect our system.

tansqrx, Posted May 6, 2008
Many modern virus strains will use random file names as only one way to avoid antivirus detection and to make your life more difficult. Another method is to dynamically recompile themselves so they do not match any known antivirus signature. In order to detect the virus the antivirus vendor has to use heuristics. The more important thing to note is that if you are already infected you cannot trust your computer. The virus may have installed a rootkit and in that case your computer is lying to you and the antivirus. Files can be hiding at a lower level than the antivirus can read them. Most security experts agree that if you have been infected, no matter what the variant of virus, you automatically reformat and restore from a known good backup. To be safe it sounds like you will be reformatting 200 computers.

Before you do this I would want to know what the virus is so it doesn’t happen again. I would download an antivirus that is capable of making a boot CD. Update the definitions and run it on the infected machine without starting the infected OS (all of the prep work is of course done on a known good machine). A quick search of “rejoice virus” in Google shows one McAfee page that may be of interest: BackDoor-CXI (http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=138150)

TavoxPeru, Posted May 12, 2008
Try to make an Online Virus Scan from any of your infected machines or send the file you mention to an online malware scan service. A good one I know is Jotti's malware scan; it is a free online service to diagnose single files which uses some anti-virus programs including Avast, AVG, ClamAV, F-Prot, F-Secure, Kaspersky, NOD32, Panda, Sophos, etc.

Best regards,

herenistarion, Posted May 28, 2008
Hrm, the only thing I can suggest if nothing is picking it up is to really reformat. I can't say much, what about a restore?

wutske, Posted May 29, 2008
Look for the heuristic scan setting of your firewall and set it to the maximum. This heuristic scan tries to detect new viruses and viruses that change shape.

Moo64c, Posted May 30, 2008
Well, here's what I usually do: start the computer in safe mode, open msconfig.exe (start->run->msconfig), go to the startup tab. Look for anything suspicious, or just disable everything. Google some of the suspicious-looking files (on another computer), delete them manually (still safe mode), run the system in normal mode and hope for the best.

I'd recommend you do a quick scan with Ad Aware (free version on download.com) and/or an online virus scan (McAfee, Norton...); it helps a lot in finding those suspicious files. Hey, this worked for me two days ago, I'm still not sure what kind it was but it's gone now...

Sure hope I helped
-Moo64c

wutske, Posted May 30, 2008
> Well, here's what I usually do: start the computer in safe mode, open msconfig.exe (start->run->msconfig), go to the startup tab. Look for anything suspicious, or just disable everything. Google some of the suspicious-looking files (on another computer), delete them manually (still safe mode), run the system in normal mode and hope for the best. I'd recommend you do a quick scan with Ad Aware (free version on download.com) and/or an online virus scan (McAfee, Norton...); it helps a lot in finding those suspicious files. Hey, this worked for me two days ago, I'm still not sure what kind it was but it's gone now... Sure hope I helped -Moo64c

He's talking about 200 computers that are connected to each other in a network; repeating those steps 200 times and just hoping for the best can hardly be called 'a solution'.

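The startup check described in the msconfig post above, written as a read-only PowerShell script that can be run on each machine instead of clicking through the Startup tab 200 times. This is an added example, not part of any post in this thread. The name pattern is an assumption taken from the file name in the first post; because the name may be randomised, the script lists every entry and only marks the matches.

```powershell
# Added example: read-only inventory of autostart entries (the same places
# msconfig's Startup tab lists). It deletes and disables nothing.
param(
    # Assumption: pattern built from the file name given in the first post.
    [string]$NamePattern = 'rejoice\d*\.exe'
)

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Registry autostart values: one object per value under each Run key.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Source   = $key
            Name     = $valueName
            Command  = [string]$regKey.GetValue($valueName)
        }
    }
})

# Startup folders for the current user and for all users.
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) }
$entries += @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
    Get-ChildItem -Path $dir -File -Force | ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Source   = $dir
            Name     = $_.Name
            Command  = $_.FullName
        }
    }
})

# Flag name matches, but emit every entry: the file name may differ per machine.
$entries |
    Select-Object Computer, Source, Name, Command,
        @{ Name = 'Suspect'; Expression = { $_.Command -match $NamePattern } } |
    Sort-Object -Property Suspect -Descending
```

Piping the output to Export-Csv gives one file per machine that can be compared side by side. As noted earlier in the thread, a listing produced by an already infected OS cannot be fully trusted if a rootkit is present.
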
toby, Posted June 5, 2008
Depends how much network control you have. Places like schools can send out stuff (my college sends out virus patches very often); otherwise it'd be a case of a batch file or a googled specific helper, on a USB drive to each machine.

The only way I can think of files replacing themselves is through prefetch, though I can't remember the exact name of this Windows File Protection thingy; it works on things like notepad.

xboxrulz1405241485, Posted June 6, 2008
Usually virus definitions are updated by the antivirus provider and not the college or the organization running the networks. Thus, if you get updates often, thank the antivirus provider, not the organization that is running the networks.

As for deploying systems across the network, it is highly recommended to create an image of the whole system in the event that the system ever gets into trouble like this. You won't have to reinstall all the software if you implement these images. Such software that creates these images includes Norton Ghost.

xboxrulz

iGuest, Posted November 3, 2008
rejoice Undetected Virus.
AVG 8 finds backdoor-CXI (rejoice). I just shoved it in the virus vault, and then deleted it. It seems to have worked. Disconnect the computers before you scan them though. Otherwise the virus will spread back to the computers that you've just gotten rid of it from. If you don't trust AVG, you can try this too: http://thespywaredetector.com/MostPreThreat.aspx. Download the spyware detector there. I'm running it right now, just to make sure.