mjkilburn

No. I mistakenly thought the free version could be used. I'll go down another route for now. Thanks for the advice.

Hello All. I have a customers Windows 2003 Standard R2 server that had no anti virus (expired avg business edition). On friday 17th august I installed ESET Endpoint Antivirus Version 5.0.2126.0 and after the initial scan, it found safesurf.exe and safeguard.exe in the system32/SD folder I had the files "SafeSurf.exe" and "surfguard.exe". I quarantined the files through ESET and removed them but couldnt remove the sd folder and some text files. (Trying to delete the folder came up with a message stating a file was in use and the text files kept coming back after i deleted them). I eventually deleted the folder after stopping a process called xstarter. I thought that was it until i received a call from the customer saying the server had frozen (RDP displayed a grey screen) and a hard reboot was the only option to fix. The server came back up but since then it freezes once every morning at no particular time and after a reboot is ok until the next day when it freezes again. I tried installing Malwarebytes but tells me 'windows cannot access the specified device path or file you may not have appropriate permissions' I have run the mbam chameleon program with the mbam-setup.exe in the same folder and copied mbam.exe renamed as iexplorer.exe in there too with the following output: MBAM-Chameleon ver. 1.62.0 Press any key to continue Driver is already loaded Enabling driver... ...Done! Trying to update Malwarebytes Anti-Malware, please wait.. ...Done! Killing known malicious processes, please wait... ...Done! Trying to run Malwarebytes Anti-Malware , please wait... Failed to run Malwarebytes Anti-Malware Disabling protection driver... ...Done! Press any key to continue I also tried running the DDS report but it wont run on Windows 2003 R2 I dont know if there is something still lurking but im getting lots of stick from the customer so any help would be appreciated! If ive posted in the wrong place, i apologise. Ive just joined!

Thank you for your help Maurice. I posted in the wrong place. Hopefully someone will guide me in the right direction in the malware removal forum.

Im sorry im using the free edition of malwarebytes. Do i go through the support channel outlined above?

I have a customers Windows 2003 Standard R2 server that had no anti virus (expired avg business edition). On friday 17th august I installed ESET Endpoint Antivirus Version 5.0.2126.0 and after the initial scan, it found safesurf.exe and safeguard.exe in the system32/SD folder I had the files "SafeSurf.exe" and "surfguard.exe". I quarantined the files through ESET and removed them but couldnt remove the sd folder and some text files. (Trying to delete the folder came up with a message stating a file was in use and the text files kept coming back after i deleted them). I eventually deleted the folder after stopping a process called xstarter. I thought that was it until i received a call from the customer saying the server had frozen (RDP displayed a grey screen) and a hard reboot was the only option to fix. The server came back up but since then it freezes once every morning at no particular time and after a reboot is ok until the next day when it freezes again. I tried installing Malwarebytes but tells me 'windows cannot access the specified device path or file you may not have appropriate permissions' I have run the mbam chameleon program with the mbam-setup.exe in the same folder and copied mbam.exe renamed as iexplorer.exe in there too with the following output: MBAM-Chameleon ver. 1.62.0 Press any key to continue Driver is already loaded Enabling driver... ...Done! Trying to update Malwarebytes Anti-Malware, please wait.. ...Done! Killing known malicious processes, please wait... ...Done! Trying to run Malwarebytes Anti-Malware , please wait... Failed to run Malwarebytes Anti-Malware Disabling protection driver... ...Done! Press any key to continue I dont know if there is something still lurking but im getting lots of stick from the customer so any help would be appreciated! If ive posted in the wrong place, i apologise. Ive just joined!