Solved

Strange new user on Server....Virus?

Posted on 2004-03-26
11
204 Views
Last Modified: 2013-12-04
I came in this morning and was checking out my Exchange server.  I went into C:\Documents and Settings, and noticed a new "user" profile/folder that was 8-10 strange characters including Chinese characters and squares and whatnot.  Server seems to be runnign fine, but I deleted that folder real quick.  Do you think that machine has a virus, and if so, I have Symantec CE installed, can I run a scan on that server?  I'm pretty sure to run a scan I have to exclude all kinds of folders first, right?  Thanks.
0
Comment
Question by:tenover
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687941
Yes - immidiately run a scan

You shoul protect your server in the future.

If you want to secure your company's workstations in the future, consider to purchase OfficeScan:
http://www.trendmicro.com/en/products/desktop/osce/evaluate/features.htm

If you can afford it, you can get an url-scanning engine installed on a server with workstation, server-, email and url-scanning engine from
http://www.trendmicro.com/en/products/global/enterprise.htm

Virus Information Alliance (VIA)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/via.asp

Review of the best antivirus solutions:
http://www.cnet.com/software/1,11066,0-806174-1202-0,00.html?tag=dir-av&pn=1&ob=3&qt=&qn=&F2=0&F3=0&sm=0

SoftScan puts an end to virus and spam threats from the Internet
http://www.softscan.dk/english/index.asp

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687947
Use this free online Trend Housecall scanner to find and clean every known virus/rootkits/backdoors:
http://housecall.trendmicro.com/housecall/start_corp.asp

Some viruses can't be removed by housecall. If so, use the free Trend Micro system cleaner:
http://www.trendmicro.com/download/tsc.asp

If you get's an ActiveX error, when loading the HouseCall web page:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=4317

If you want to secure your one workstation in the future, consider to purchase PC-cillin with builtin firewall:
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687955
Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/

One Usage of the HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/ 

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Port scan.. Get an instant security analysis now. You dont even need to know your own IP address!
http://www.dslreports.com/scan
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Expert Comment

by:trywaredk
ID: 10687963
Improving the Security of PST Files
http://support.microsoft.com/default.aspx?scid=kb;en-us;143241

Downloading and Using the Security Configuration Manager Tool:
http://support.microsoft.com/default.aspx?scid=kb;en-us;245216

Stress Tools to Test Your Web Server:
http://support.microsoft.com/default.aspx?scid=kb;en-us;231282

WebCast: Using the Microsoft Security Tool Kit to Get and Stay Secure
http://support.microsoft.com/default.aspx?scid=kb;en-us;324892

Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp

Maximum Windows 2000 Security
http://www.bookpool.com/.x/rmpdj26gor/sm/0672319659

0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688039
What version of Windows do you have and what version of Exchange?

You should find the information you need here:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000110108382448

Hope this helps,

Daniel F.
0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688069
nono, DO NOT SCAN YOUR EXCHANGE SERVER WITHOUT EXCLUDING FOLDERS!!!!

THIS CAN DAMAGE YOUR INFORMATION STORE AND/OR RESULT IN FALSE VIRUS ALERTS!


sry bout the caps, just want to be sure you notice before scanning....

Good luck,

Daniel F.
0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688079
nono, DO NOT SCAN YOUR EXCHANGE SERVER WITHOUT EXCLUDING FOLDERS!!!!

THIS CAN DAMAGE YOUR INFORMATION STORE AND/OR RESULT IN FALSE VIRUS ALERTS!


sry bout the caps, just want to be sure you notice before scanning....

Good luck,

Daniel F.
0
 

Author Comment

by:tenover
ID: 10688109
Yup, got it.  First, our Exchange server IS secure....Runing Symantec 8.6 CE and Symantec Mail Filtering for Exchange.  I've excluded all the appropriate folders (Inetserv, Symantec Temp, Exchsrvr, etc...). Thanks.  I'll let you know the outcome.
0
 

Author Comment

by:tenover
ID: 10689379
Not a virus.....What a pain in the a$$ due to to Microsoft...
http://support.microsoft.com/default.aspx?scid=kb;en-us;816740

0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 11468868
PAQed, with points refunded (500)

CetusMOD
Community Support Moderator
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question