MGR and Internet Explorer virus?

December 23, 2011 at 08:42:03
Specs: Windows 2003

This started yesterday on our Windows Server 2003 machine running Citrix.

When a user logs on, it opens up 2 IE windows (Internet Explorer 8). Then if the user tries to open up an Office product (Word, Excel, Outlook...version 2003), it opens up another 2 IE windows.

Today, there is a runaway virus of some kind that duplicates anything run with MGR on it as an EXE. For instance, if someone logs in and uses Adobe Reader, the system will start to propagate hundreds of files as follows: readermgr.exe, readermgrmgr.exe, readermgrmgrmgr.exe, etc. It creates these files in the starting folder, so the Windows/system32 folder gets filled with userinitmgr.exe files as well as a user's desktop with anything they run.

Currently, I have it shutdown for users to log in and am running McAfee, which is find some things (W32.Ramnit mostly) and I have run Stinger (which found Artemis) and I have run Malewarebytes.

I also could not update Malewarebytes, as it says I have the latest version. Of course if I look at the update tab on Malewarebytes, there is no version listed! I also could not install the latest version as it gave me an access denied message when it goes to register the program.

Anyone come across something like this? Logged on as the administrator, the "mgr" issue is not happening. But once I re-enable the Citrix connection and let regular users log on, it starts to create and run hundreds of those.

Ed


See More: MGR and Internet Explorer virus?

Report •


#1
December 29, 2011 at 13:11:29

In this particular case, your basic antivirus program is not going to do much.. you need a program that looks for small pains in the ass like the one's you got.

Go onto download.com and install and update the program Spybot - Search and Destroy and it will most likely find what you have on there and kill it.

However, just for the record, I would get rid of McAfee anyway.. also on download.com is a free antivirus program called AVG For Free 2012, I very highly recommend it.


Report •
Related Solutions


Ask Question