
My Life with Servers

I had a horrible weekend fighting with a virus-infected server. Last Friday, my alert system starts sending me emails around 11am saying that the server in question, one of my Citrix servers, was hitting abnormally high CPU cycles. We rebooted and it went back to normal… for a bit. At 4pm on Friday, I start getting messages all over again about the high CPU cycles. I connect up to the server and find that, sure enough, there is a virus warning from a software product called “Internet Security 2010.”

You suck, Internet Security 2010

I hate your guts, Internet Security 2010

A quick Google search turned up a number of sites that described Internet Security 2010 as malware. Upon further reading, it was obvious that this was a particularly nasty bug, as it tries to stop you from accessing sites, downloads trojans to try to control your PC, and changes the registry to allow it to run silently in the background.

After trying to remove it for about 2 hours, I thought I had accomplished my task. Upon reboot, I tried to connect up remotely again, only to discover I couldn’t. Upon going to the server itself, it would show the login screen, I would give it my credentials, it would start the login process, then immediately return to the login screen.

Seeing as it was part of the Citrix Farm, I had the flexibility to pull the server since the applications it was serving up were load balanced across a couple of servers. Still, it was a painful day of trying to access the desktop to perform the surgery necessary to remove the culprit.

One minute of poor judgment created some 10+ hours of work and inconvenience not just to me, but to others who were using the server. Please make sure that you do NOT download anti-virus from the web unless you’ve Googled it to see whether it’s legitimate or Malware.

How to remove Internet Security 2010 (from softsailor.com):

Step 1: Go here and download Malwarebytes’ Anti-Malware for free. Save the file to your desktop. If Internet Security 2010 does not allow you to download anything, you should download the setup on another computer and use a USB stick or a CD/DVD to transfer the files needed. Remember to place the setup file on the desktop.

Step 2: Click here to download the rkill.com file. Once the download is complete, run it. The rkill.com file will make sure the Internet Security 2010 will be closed for good so it does not interfere with the removal process.

Step 3: Close all open applications and windows. You now should be on the desktop.

Step 4: Run the Malwarebytes’ Anti-Malware setup from the desktop.

Step 5: Go with the default settings during the install. CRUCIAL: Make sure you tell the software to automatically update itself (there’s a box you need to check during the install to make that happen). In addition, make sure you tell MBAM to automatically launch itself once the install and update processes are complete.

Step 6: When Malwarebytes’ Anti-Malware loads, go to the Scanner screen, select “Perform Quick Scan” and then click the “Scan” button.

Step 7: When the scan is complete, press the Show Results button under the main “Scanner” tab.

Step 8: Check all the detected infections (so you remove both Internet Security 2010 and all related Trojans, as well as any other malware detected).

Step 9: When the removal process is complete, a log of the scan will be displayed in a Notepad window. You now have successfully removed Internet Security 2010, all related Trojans and any other infections detected by Malwarebytes’ Anti-Malware.

  1. Scott Hall
    January 21, 2010 at 3:52 pm

    Ouch! We have been seeing that one creep up here on a few desktops. Not fun at all. On a few of the machines I simply opted for a scorched earth approach.

  2. January 22, 2010 at 9:32 am

    Ody,

    discovered your blog through facebook. good stuff here!

    i couldn’t believe it, reading your post just now. I also spent hours battling this one, that popped up on a friend’s computer. unfortunately, i didn’t get as far as you did, so i had to reinstall windows cleanly…

    take care ! Matt
