Hi, I need some help removing a virus from a data storage server. Avast Server Edition detected a virus called Win32:Agent-IRZ [trj].
The symptoms are that all the folders were renamed to .exe and became hidden folders. Avast will not clean them, and if I delete them I will lose data, which I cannot do.
I can still access the folders if I manually write the path in the address bar, but I cannot see them with Windows Explorer. Unhiding the folders from Folder Options will not work, but I managed to make them visible again by booting from Winternals ERP-Commander and unhiding them from there; it appears that it hides them as system files. So now I can see the files, but the virus is not gone.
I do have a backup. The thing is, the virus is stored somewhere in the data storage, therefore it was also backed up; even if I restore the data, it will just spread again in a few hours. Avast hasn't detected which file is responsible for the infection, it just displays all my folders as infected files.
Can you say what the infected file name is and where it was found (C:\windows\system32\infected-file-name.xxx)?
Is the virus replicating itself? If so, I suggest:
1. Disable System Restore and re-enable it after step 3.
2. Clean your temporary files.
3. Schedule a boot-time scan with Avast with archive scanning turned on.
4. Use SUPERAntiSpyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
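
A read-only way to inventory the symptom described in the first post (folders flagged hidden and system, with an .exe of the same name beside them), added here as an example and not taken from the thread. It assumes the .exe entries are separate files sitting next to the hidden folders; `$Root` and the function name are hypothetical, and `Get-FileHash` needs PowerShell 4 or later.

```powershell
# Added example: read-only audit, nothing on disk is changed.
# $Root is a hypothetical path; point it at the affected data volume or share.
param([string]$Root = 'D:\Data')

function Find-HiddenFolderPairs {
    param([Parameter(Mandatory)][string]$Path)

    # Both bits must be set: this is the "hidden as system file" state
    # that Folder Options cannot clear.
    $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

    # -Force is required, otherwise hidden/system items are skipped.
    Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $mask) -eq $mask } |
        ForEach-Object {
            # Assumption: the suspicious file is "<folder name>.exe" in the same parent.
            $exe    = Join-Path $_.Parent.FullName ($_.Name + '.exe')
            $hasExe = Test-Path -LiteralPath $exe -PathType Leaf
            [pscustomobject]@{
                Folder     = $_.FullName
                Attributes = $_.Attributes
                SiblingExe = if ($hasExe) { $exe } else { $null }
                ExeSize    = if ($hasExe) { (Get-Item -LiteralPath $exe -Force).Length } else { $null }
                ExeSha256  = if ($hasExe) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash } else { $null }
            }
        }
}

$report = Find-HiddenFolderPairs -Path $Root

# Full list: which folders are affected and which have a same-name .exe.
$report | Format-Table Folder, SiblingExe, ExeSize -AutoSize

# Group the .exe files by hash: many names sharing one hash means one
# sample copied under each folder name.
$report | Where-Object SiblingExe |
    Group-Object ExeSha256 |
    Select-Object Count, Name
```

Running the same inventory against a restored copy of the backup before putting it back in service shows whether the backup carries the same folder/.exe pairs.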