sonic1394 asked:

malware on server 2003

Hi all,

My server has not been running exe's lately. The server runs extremely slow, more so than it has ever done in the past.

I recently ran Kaspersky's online antivirus scanner. It found a few objects in Exchange folders, since the server in question maintains the Exchange database.

Recently my IIS settings as well as other Exchange/Windows files have gotten corrupted.

Even though the infected objects the online scan found are in the Exchange database folders, is it likely I have malware embedded, running in memory?

I can't figure out how to solve my problem! Without being able to run an exe, for SP update.. nor able to install an antivirus program to remove the malware..

I'm in for a long weekend, which is when I can boot the server in safe mode to troubleshoot. So here is my question. Given the behavior and limitations of not being able to install programs... Is there an updated malware program sold out there that can run off CD to clean out this drive?

I can't be spending so much time troubleshooting this beast. I think I have to reinstall Exchange because Exchange and AD are acting weird. The email addresses tab is gone, IIS is blank, and OWA is gone... Can malware be the cause of all of these symptoms?

I have hardware-based RAID... by Intel.. if it were RAID degradation, upon rebooting, I'd get a message and beeps, right?

NaturaTek

Download Superantispyware from www.superantispyware.com

Download Malwarebytes from www.malwarebytes.org

UPDATE them both.

Boot into safe mode. Run a scan with Malwarebytes first. Remove any findings. Exit.
Run a scan with Superantispyware second, remove findings, reboot.

(System Restore off when doing this; turn it back on when done.)

Create a bootable Kaspersky antivirus; step-by-step instructions here:
http://www.techmixer.com/kaspersky-rescue-disk-load-kaspersky-antivirus-2009-using-dos/
http://dnl-eu10.kaspersky-labs.com/devbuilds/RescueDisk/

Boot from the Kaspersky CD, run a scan, reboot.

You should be good.

sonic1394 (ASKER)

NaturaTek, thanks for the prompt response.. when I ran Kaspersky's online scan.... this is what it found...

Can you tell me if the malware it found is likely causing my problems listed in the initial question???
I will gladly award you the points since your response is complete.. but I'd like confirmation on whether my problems are likely malware related..

All 5 trojans it detected are in 1 user's folder, sjauregui.
I personally don't think it's possible this trojan is running in the server's memory... nor could it be running within the system. But then again I'm not an expert on viruses, I just know where these trojans are and I want to know how to fix my server.
Attachments: IMG00228.jpg, IMG00227.jpg

ASKER CERTIFIED SOLUTION
NaturaTek

This solution is only available to members.

Yes, this is a server we're looking at.. that user has not existed on the network for a long time. The trojans must have been sitting there. I will run those scans on the weekend when I can boot in safe mode. Thank you for the complete response.

If you don't use VNC, remove it completely. Please keep us posted if you can.

I do use VNC. I need it for remote access... I've read online that those files this scanner pointed out are legit for VNC to operate... They are not trojans, they allow me to access this machine remotely. VNC requires password authentication.

Other than the few trojans that scanner found, I'm looking forward to using the other scanners you suggested. If not then I'm afraid I need to check other variables such as hard disk integrity.