?
Solved

Strange new user on Server....Virus?

Posted on 2004-03-26
11
Medium Priority
?
209 Views
Last Modified: 2013-12-04
I came in this morning and was checking out my Exchange server.  I went into C:\Documents and Settings, and noticed a new "user" profile/folder that was 8-10 strange characters including Chinese characters and squares and whatnot.  Server seems to be runnign fine, but I deleted that folder real quick.  Do you think that machine has a virus, and if so, I have Symantec CE installed, can I run a scan on that server?  I'm pretty sure to run a scan I have to exclude all kinds of folders first, right?  Thanks.
0
Comment
Question by:tenover
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687941
Yes - immidiately run a scan

You shoul protect your server in the future.

If you want to secure your company's workstations in the future, consider to purchase OfficeScan:
http://www.trendmicro.com/en/products/desktop/osce/evaluate/features.htm

If you can afford it, you can get an url-scanning engine installed on a server with workstation, server-, email and url-scanning engine from
http://www.trendmicro.com/en/products/global/enterprise.htm

Virus Information Alliance (VIA)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/via.asp

Review of the best antivirus solutions:
http://www.cnet.com/software/1,11066,0-806174-1202-0,00.html?tag=dir-av&pn=1&ob=3&qt=&qn=&F2=0&F3=0&sm=0

SoftScan puts an end to virus and spam threats from the Internet
http://www.softscan.dk/english/index.asp

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687947
Use this free online Trend Housecall scanner to find and clean every known virus/rootkits/backdoors:
http://housecall.trendmicro.com/housecall/start_corp.asp

Some viruses can't be removed by housecall. If so, use the free Trend Micro system cleaner:
http://www.trendmicro.com/download/tsc.asp

If you get's an ActiveX error, when loading the HouseCall web page:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=4317

If you want to secure your one workstation in the future, consider to purchase PC-cillin with builtin firewall:
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10687955
Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/

One Usage of the HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/ 

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Port scan.. Get an instant security analysis now. You dont even need to know your own IP address!
http://www.dslreports.com/scan
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 12

Expert Comment

by:trywaredk
ID: 10687963
Improving the Security of PST Files
http://support.microsoft.com/default.aspx?scid=kb;en-us;143241

Downloading and Using the Security Configuration Manager Tool:
http://support.microsoft.com/default.aspx?scid=kb;en-us;245216

Stress Tools to Test Your Web Server:
http://support.microsoft.com/default.aspx?scid=kb;en-us;231282

WebCast: Using the Microsoft Security Tool Kit to Get and Stay Secure
http://support.microsoft.com/default.aspx?scid=kb;en-us;324892

Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp

Maximum Windows 2000 Security
http://www.bookpool.com/.x/rmpdj26gor/sm/0672319659

0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688039
What version of Windows do you have and what version of Exchange?

You should find the information you need here:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000110108382448

Hope this helps,

Daniel F.
0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688069
nono, DO NOT SCAN YOUR EXCHANGE SERVER WITHOUT EXCLUDING FOLDERS!!!!

THIS CAN DAMAGE YOUR INFORMATION STORE AND/OR RESULT IN FALSE VIRUS ALERTS!


sry bout the caps, just want to be sure you notice before scanning....

Good luck,

Daniel F.
0
 
LVL 6

Expert Comment

by:DanniF
ID: 10688079
nono, DO NOT SCAN YOUR EXCHANGE SERVER WITHOUT EXCLUDING FOLDERS!!!!

THIS CAN DAMAGE YOUR INFORMATION STORE AND/OR RESULT IN FALSE VIRUS ALERTS!


sry bout the caps, just want to be sure you notice before scanning....

Good luck,

Daniel F.
0
 

Author Comment

by:tenover
ID: 10688109
Yup, got it.  First, our Exchange server IS secure....Runing Symantec 8.6 CE and Symantec Mail Filtering for Exchange.  I've excluded all the appropriate folders (Inetserv, Symantec Temp, Exchsrvr, etc...). Thanks.  I'll let you know the outcome.
0
 

Author Comment

by:tenover
ID: 10689379
Not a virus.....What a pain in the a$$ due to to Microsoft...
http://support.microsoft.com/default.aspx?scid=kb;en-us;816740

0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 11468868
PAQed, with points refunded (500)

CetusMOD
Community Support Moderator
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question