Cannot Browse Microsoft Sites or Antivirus Sites Cornflicker is your problem

Conflicker VirusWow.. it has been some time since I danced the Antivirus Windows dance, but today I had an experience that a lot of you may know about.

A re-install of a server and I wanted to throw onto it Windows 2008 R2. Problem was that the server only has a CD drive.

So I look at what ISO’s I can lay my hands on that are CD install. I found that Windows 2000 SP2 was it for server software.

While I probably could have assed around trying to find some other way to load up a new operating system via network or USB etc. But since I started using Apple products a year or two ago, I value life… and so was not prepared to throw time away with Microsoft on that little journey.

So up goes the virgin 2003 SP2 server.

Assed around with some new network drivers… and I was done.

Only problem… no connectivity to Microsoft. Some more of my life gone, and I work out that the brand new server has been infected with Cornflicker virus. Fancy that… A new server with no action on it, and it already has a virus.

I should point out that the server was on a network with a few hundred computers and lightning fast access to the internet.

Who knows where it got it from, but I was flabbergasted to see this happen quite this easily. Anyway the removal was somewhat of a pain, as I tried a few things before I managed to get rid of it.

Because the virus stops access to Microsoft. Most of the download links for the Microsoft solutions were a total waste of time.

It begs the questions why they don’t publish what you need at locations that are non Microsoft.com and that change often to fool the virus. Anyway!

Other virus programs would remove the threat, only to find it was back again instantly on reboot.

So I found that you needed to patch the server with Security Update for Windows Server 2003 (KB958644)

And then run the Microsoft® Windows® Malicious Software Removal Tool

Ensuring that you do the full scan.

After a reboot with the patch, the thing was gone and the server could be patched.

I found it easiest to download these two file from another location and install onto the server from a share.