Win32/heur on windows server 2003

By guitarmanEG140
Jun 29, 2010
  1. I am running windows server 2003. I did my best to complete the 8 steps of virus removal but I was not able to complete the following steps
    -TFC cleanup
    TFC and GMER both froze my server, GMER actually bluescreened my server.

    After the bluescreen on GMER I decided to post before completing any additional steps. I will outline my attempts below.

    Day 1
    I had a user recieve a warning from AVG that it detected a WIN32/heur virus/trojan horse when she attempted to access a network drive. I was unable to quarantine the file from her computer. From a webpost that I read I attempted to search for the file which was at that time name win32/heur and I was not able to find it. I ran a full scan on the network drive with AVG but it did not identify any virus or malware. I purchased AVG file server addition and Spyware doctor and ran additional scans on my server. I have also scanned with Malwarebytes - antimalware and with Norton- enterprise addition. None of these showed any threats or infections. confident that AVG was raising a false alarm I called it a day.

    Day 2
    Another user on a different computer that is not connected to the internet and only to the file server recieved the same warning from AVG while accessing the same network drive. This time AVG identified the file as DPWIN.EXE which is the executable file for the database we run off of that network drive. I removed the file, contacted the vendor and upon her advice completely reinstalled the database which removed and recopied everything except the data that was already recorded in the data base.

    Day 2- at 8pm (present)
    I have run every scan that I have on that network drive and on the hard drive and the entire server. Everything says I have no virus no threats, I have looked through every file and read several online posts about the WIN32/heur virus. based on what I have read I can't shake the feeling that this virus is lurking somewhere.

    ? what can I do to track this thing down and kill it?

    I didn't post my log from Malware because it shows 0 infections as does AVG and Spyware Doctor. I wasn't able to complete GMER and I didn't attempt DDS although I will if recommended. I am still in school although working in an Networking position and I have not taken any network defense... any help would be appreciated.
  2. Broni

    Broni Malware Annihilator Posts: 54,260   +383

    If you tried the above and GMER still doesn't work, continue with other steps and post remaining logs.
  3. guitarmanEG140

    guitarmanEG140 TS Rookie Topic Starter

    Ok... I am done with this... I ran your recommended scan GMER in safemode and it corrupted the <windows root>system32/ntoskrnl.exe file and I had to run the recovery console to repair it. I am sure this scan works great on a personal computer but it is not helping my issue. I will call Dell tomorrow and see if I can get help, it is still under the service agreement, perhaps it was a little irresponcible of me to seek help from on online forum with a company server. Thanks for trying.
  4. Broni

    Broni Malware Annihilator Posts: 54,260   +383

    Not a problem :)
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...