Solved

Strange new user on Server....Virus?

Posted on 2004-03-26
11
198 Views
Last Modified: 2013-12-04
I came in this morning and was checking out my Exchange server.  I went into C:\Documents and Settings, and noticed a new "user" profile/folder that was 8-10 strange characters including Chinese characters and squares and whatnot.  Server seems to be runnign fine, but I deleted that folder real quick.  Do you think that machine has a virus, and if so, I have Symantec CE installed, can I run a scan on that server?  I'm pretty sure to run a scan I have to exclude all kinds of folders first, right?  Thanks.
0
Comment
Question by:tenover
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687941
Yes - immidiately run a scan

You shoul protect your server in the future.

If you want to secure your company's workstations in the future, consider to purchase OfficeScan:
http://www.trendmicro.com/en/products/desktop/osce/evaluate/features.htm

If you can afford it, you can get an url-scanning engine installed on a server with workstation, server-, email and url-scanning engine from
http://www.trendmicro.com/en/products/global/enterprise.htm

Virus Information Alliance (VIA)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/via.asp

Review of the best antivirus solutions:
http://www.cnet.com/software/1,11066,0-806174-1202-0,00.html?tag=dir-av&pn=1&ob=3&qt=&qn=&F2=0&F3=0&sm=0

SoftScan puts an end to virus and spam threats from the Internet
http://www.softscan.dk/english/index.asp

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687947
Use this free online Trend Housecall scanner to find and clean every known virus/rootkits/backdoors:
http://housecall.trendmicro.com/housecall/start_corp.asp

Some viruses can't be removed by housecall. If so, use the free Trend Micro system cleaner:
http://www.trendmicro.com/download/tsc.asp

If you get's an ActiveX error, when loading the HouseCall web page:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=4317

If you want to secure your one workstation in the future, consider to purchase PC-cillin with builtin firewall:
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687955
Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/

One Usage of the HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/ 

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Port scan.. Get an instant security analysis now. You dont even need to know your own IP address!
http://www.dslreports.com/scan
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 12

Expert Comment

by:trywaredk
ID: 10687963
Improving the Security of PST Files
http://support.microsoft.com/default.aspx?scid=kb;en-us;143241

Downloading and Using the Security Configuration Manager Tool:
http://support.microsoft.com/default.aspx?scid=kb;en-us;245216

Stress Tools to Test Your Web Server:
http://support.microsoft.com/default.aspx?scid=kb;en-us;231282

WebCast: Using the Microsoft Security Tool Kit to Get and Stay Secure
http://support.microsoft.com/default.aspx?scid=kb;en-us;324892

Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp

Maximum Windows 2000 Security
http://www.bookpool.com/.x/rmpdj26gor/sm/0672319659

0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688039
What version of Windows do you have and what version of Exchange?

You should find the information you need here:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000110108382448

Hope this helps,

Daniel F.
0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688069
nono, DO NOT SCAN YOUR EXCHANGE SERVER WITHOUT EXCLUDING FOLDERS!!!!

THIS CAN DAMAGE YOUR INFORMATION STORE AND/OR RESULT IN FALSE VIRUS ALERTS!


sry bout the caps, just want to be sure you notice before scanning....

Good luck,

Daniel F.
0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688079
nono, DO NOT SCAN YOUR EXCHANGE SERVER WITHOUT EXCLUDING FOLDERS!!!!

THIS CAN DAMAGE YOUR INFORMATION STORE AND/OR RESULT IN FALSE VIRUS ALERTS!


sry bout the caps, just want to be sure you notice before scanning....

Good luck,

Daniel F.
0
 

Author Comment

by:tenover
ID: 10688109
Yup, got it.  First, our Exchange server IS secure....Runing Symantec 8.6 CE and Symantec Mail Filtering for Exchange.  I've excluded all the appropriate folders (Inetserv, Symantec Temp, Exchsrvr, etc...). Thanks.  I'll let you know the outcome.
0
 

Author Comment

by:tenover
ID: 10689379
Not a virus.....What a pain in the a$$ due to to Microsoft...
http://support.microsoft.com/default.aspx?scid=kb;en-us;816740

0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 11468868
PAQed, with points refunded (500)

CetusMOD
Community Support Moderator
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IE Plugin Issue 4 83
default domain policy in AD exemptions 3 80
Compromised PC? 17 239
Propagate Applocker rules to all laptops/PCs in the domain 10 48
As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question