Solved

Strange new user on Server....Virus?

Posted on 2004-03-26
Last Modified: 2013-12-04
I came in this morning and was checking out my Exchange server.  I went into C:\Documents and Settings, and noticed a new "user" profile/folder that was 8-10 strange characters including Chinese characters and squares and whatnot.  Server seems to be running fine, but I deleted that folder real quick.  Do you think that machine has a virus, and if so, I have Symantec CE installed, can I run a scan on that server?  I'm pretty sure to run a scan I have to exclude all kinds of folders first, right?  Thanks.
Question by:tenover
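
An added example, not part of the original thread: a read-only PowerShell check for the situation described in the question. It lists every folder under the profile root with the Unicode code points of its name, its creation time and owner, and whether a registered profile (the ProfileList registry key) and an account map to it. The default path is the one from the question; run it from an elevated prompt.

```powershell
# Added example: triage odd-looking profile folders. Reads only, changes nothing.
# Assumption: the profile root is the path from the question (C:\Users on newer Windows).
param([string]$ProfileRoot = 'C:\Documents and Settings')

# Profiles Windows has registered: folder path -> SID
$listKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$registered = @{}
Get-ChildItem $listKey | ForEach-Object {
    $path = (Get-ItemProperty $_.PSPath).ProfileImagePath
    if ($path) {
        $full = [Environment]::ExpandEnvironmentVariables($path).TrimEnd('\')
        $registered[$full.ToLowerInvariant()] = $_.PSChildName
    }
}

# -Force includes hidden folders such as "Default User"
Get-ChildItem -LiteralPath $ProfileRoot -Force |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $sid = $registered[$_.FullName.ToLowerInvariant()]

        # Map the SID back to an account name, if the account still exists
        $account = $null
        if ($sid) {
            try {
                $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $account = $id.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $account = '<SID does not resolve>' }
        }

        # Folder owner shows which identity created it
        try   { $owner = (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner }
        catch { $owner = '<access denied>' }

        [pscustomobject]@{
            Name       = $_.Name
            # Exact code points, so "squares" can be identified instead of guessed at
            CodePoints = ($_.Name.ToCharArray() | ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
            NonAscii   = $_.Name -match '[^\x20-\x7E]'
            Created    = $_.CreationTime
            Owner      = $owner
            Sid        = $sid
            Account    = $account
        }
    } | Sort-Object Created | Format-List
```

A folder with `NonAscii` set and no `Sid` has no registered profile behind it; its creation time and owner are the values to correlate with logon and service events before anything is deleted.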
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687941
Yes - immediately run a scan

You should protect your server in the future.

If you want to secure your company's workstations in the future, consider purchasing OfficeScan:
http://www.trendmicro.com/en/products/desktop/osce/evaluate/features.htm

If you can afford it, you can get an url-scanning engine installed on a server with workstation, server-, email and url-scanning engine from
http://www.trendmicro.com/en/products/global/enterprise.htm

Virus Information Alliance (VIA)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/via.asp

Review of the best antivirus solutions:
http://www.cnet.com/software/1,11066,0-806174-1202-0,00.html?tag=dir-av&pn=1&ob=3&qt=&qn=&F2=0&F3=0&sm=0

SoftScan puts an end to virus and spam threats from the Internet
http://www.softscan.dk/english/index.asp

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687947
Use this free online Trend Housecall scanner to find and clean every known virus/rootkits/backdoors:
http://housecall.trendmicro.com/housecall/start_corp.asp

Some viruses can't be removed by housecall. If so, use the free Trend Micro system cleaner:
http://www.trendmicro.com/download/tsc.asp

If you get an ActiveX error when loading the HouseCall web page:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=4317

If you want to secure your one workstation in the future, consider purchasing PC-cillin with built-in firewall:
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687955
Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/

One Usage of the HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/ 

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Port scan.. Get an instant security analysis now. You don't even need to know your own IP address!
http://www.dslreports.com/scan
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687963
Improving the Security of PST Files
http://support.microsoft.com/default.aspx?scid=kb;en-us;143241

Downloading and Using the Security Configuration Manager Tool:
http://support.microsoft.com/default.aspx?scid=kb;en-us;245216

Stress Tools to Test Your Web Server:
http://support.microsoft.com/default.aspx?scid=kb;en-us;231282

WebCast: Using the Microsoft Security Tool Kit to Get and Stay Secure
http://support.microsoft.com/default.aspx?scid=kb;en-us;324892

Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp

Maximum Windows 2000 Security
http://www.bookpool.com/.x/rmpdj26gor/sm/0672319659

 
LVL 6

Expert Comment

by:DanniF
ID: 10688039
What version of Windows do you have and what version of Exchange?

You should find the information you need here:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000110108382448

Hope this helps,

Daniel F.

 
LVL 6

Expert Comment

by:DanniF
ID: 10688069
nono, DO NOT SCAN YOUR EXCHANGE SERVER WITHOUT EXCLUDING FOLDERS!!!!

THIS CAN DAMAGE YOUR INFORMATION STORE AND/OR RESULT IN FALSE VIRUS ALERTS!


sry bout the caps, just want to be sure you notice before scanning....

Good luck,

Daniel F.
 

Author Comment

by:tenover
ID: 10688109
Yup, got it.  First, our Exchange server IS secure....Running Symantec 8.6 CE and Symantec Mail Filtering for Exchange.  I've excluded all the appropriate folders (Inetserv, Symantec Temp, Exchsrvr, etc...). Thanks.  I'll let you know the outcome.
 

Author Comment

by:tenover
ID: 10689379
Not a virus.....What a pain in the a$$ due to Microsoft...
http://support.microsoft.com/default.aspx?scid=kb;en-us;816740

 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 11468868
PAQed, with points refunded (500)

CetusMOD
Community Support Moderator