Solved

Strange new user on Server....Virus?

Posted on 2004-03-26
Last Modified: 2013-12-04
I came in this morning and was checking out my Exchange server.  I went into C:\Documents and Settings, and noticed a new "user" profile/folder that was 8-10 strange characters including Chinese characters and squares and whatnot.  Server seems to be running fine, but I deleted that folder real quick.  Do you think that machine has a virus, and if so, I have Symantec CE installed, can I run a scan on that server?  I'm pretty sure to run a scan I have to exclude all kinds of folders first, right?  Thanks.
Question by:tenover
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687941
Yes - immediately run a scan

You should protect your server in the future.

If you want to secure your company's workstations in the future, consider purchasing OfficeScan:
http://www.trendmicro.com/en/products/desktop/osce/evaluate/features.htm

If you can afford it, you can get a URL-scanning engine installed on a server with workstation-, server-, email- and URL-scanning engine from
http://www.trendmicro.com/en/products/global/enterprise.htm

Virus Information Alliance (VIA)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/via.asp

Review of the best antivirus solutions:
http://www.cnet.com/software/1,11066,0-806174-1202-0,00.html?tag=dir-av&pn=1&ob=3&qt=&qn=&F2=0&F3=0&sm=0

SoftScan puts an end to virus and spam threats from the Internet
http://www.softscan.dk/english/index.asp

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687947
Use this free online Trend Housecall scanner to find and clean every known virus/rootkits/backdoors:
http://housecall.trendmicro.com/housecall/start_corp.asp

Some viruses can't be removed by housecall. If so, use the free Trend Micro system cleaner:
http://www.trendmicro.com/download/tsc.asp

If you get an ActiveX error when loading the HouseCall web page:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=4317

If you want to secure your one workstation in the future, consider purchasing PC-cillin with built-in firewall:
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687955
Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/

One Usage of the HACKYOURSELF scan: TCP Scan (65534 ports), UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/ 

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Port scan.. Get an instant security analysis now. You don't even need to know your own IP address!
http://www.dslreports.com/scan
0

 
LVL 12

Expert Comment

by:trywaredk
ID: 10687963
Improving the Security of PST Files
http://support.microsoft.com/default.aspx?scid=kb;en-us;143241

Downloading and Using the Security Configuration Manager Tool:
http://support.microsoft.com/default.aspx?scid=kb;en-us;245216

Stress Tools to Test Your Web Server:
http://support.microsoft.com/default.aspx?scid=kb;en-us;231282

WebCast: Using the Microsoft Security Tool Kit to Get and Stay Secure
http://support.microsoft.com/default.aspx?scid=kb;en-us;324892

Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp

Maximum Windows 2000 Security
http://www.bookpool.com/.x/rmpdj26gor/sm/0672319659

0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688039
What version of Windows do you have and what version of Exchange?

You should find the information you need here:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000110108382448

Hope this helps,

Daniel F.
0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688069
nono, DO NOT SCAN YOUR EXCHANGE SERVER WITHOUT EXCLUDING FOLDERS!!!!

THIS CAN DAMAGE YOUR INFORMATION STORE AND/OR RESULT IN FALSE VIRUS ALERTS!


sry bout the caps, just want to be sure you notice before scanning....

Good luck,

Daniel F.
0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688079
nono, DO NOT SCAN YOUR EXCHANGE SERVER WITHOUT EXCLUDING FOLDERS!!!!

THIS CAN DAMAGE YOUR INFORMATION STORE AND/OR RESULT IN FALSE VIRUS ALERTS!


sry bout the caps, just want to be sure you notice before scanning....

Good luck,

Daniel F.
0
 

Author Comment

by:tenover
ID: 10688109
Yup, got it.  First, our Exchange server IS secure....Running Symantec 8.6 CE and Symantec Mail Filtering for Exchange.  I've excluded all the appropriate folders (Inetserv, Symantec Temp, Exchsrvr, etc...). Thanks.  I'll let you know the outcome.
0
 

Author Comment

by:tenover
ID: 10689379
Not a virus.....What a pain in the a$$ due to Microsoft...
http://support.microsoft.com/default.aspx?scid=kb;en-us;816740

0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 11468868
PAQed, with points refunded (500)

CetusMOD
Community Support Moderator
0

Question has a verified solution.
