?
Solved

Netsky viruses in Exchange log files - what to do?

Posted on 2004-08-05
7
Medium Priority
?
190 Views
Last Modified: 2013-12-04
I ran Trend's C/S/M Suite on our SBS2000 server, it found two viruses in c:\program files\exchsrvr\mdbdata\e00001047.log (worm_netsky.dam)  and  e00001054.log  (html_netsky.p).

Yes, I know I'm not supposed to run AV software on the exchsrvr folder, oops.

When I look in the mdbdata folder, I do not see those two log files!

Yesterday I did a backup of the Exchange databases.

Please give me some advice.  Why don't I see the log files?  Should I delete them?  Can they infect my network if they are in log files?

Thanks for sage wisdom and hard-won advice.


0
Comment
Question by:SydD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 11725430
Hi enoch,
Access security settings in Internet Explorer by clicking Tools ("View" in earlier versions of IE) > Internet Options > Security (tab) > click the "Custom Level" button

Allow META REFRESH: set to disable

Cheers!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11725444
oops sorry wrong Q :(

Pete
0
 

Author Comment

by:SydD
ID: 11726230
ok, Pete, but now you owe me an answer!
0
WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 195 total points
ID: 11729028
mmmm its not good policy to have AV scanning various Exchange files cause it thinks thay are virus'd
have you tried running stinger?
0
 
LVL 21

Accepted Solution

by:
marc_nivens earned 180 total points
ID: 11731018
First off, stop scanning the mdbdata folder immediately.  It will eventually quarantine the e00.log and crash the store.  If file level AV found netsky in a log file, it means that someone sent an email to the server with the netsky virus.  Any Exchange aware AV application should be able to catch and delete these.
0
 

Author Comment

by:SydD
ID: 11731607
Thank you.  I will stop it.  
Should I attempt to recreat the missing log files?

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11819807
ThanQ
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses
Course of the Month10 days, 15 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question