Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Netsky viruses in Exchange log files - what to do?

Posted on 2004-08-05
7
187 Views
Last Modified: 2013-12-04
I ran Trend's C/S/M Suite on our SBS2000 server, it found two viruses in c:\program files\exchsrvr\mdbdata\e00001047.log (worm_netsky.dam)  and  e00001054.log  (html_netsky.p).

Yes, I know I'm not supposed to run AV software on the exchsrvr folder, oops.

When I look in the mdbdata folder, I do not see those two log files!

Yesterday I did a backup of the Exchange databases.

Please give me some advice.  Why don't I see the log files?  Should I delete them?  Can they infect my network if they are in log files?

Thanks for sage wisdom and hard-won advice.


0
Comment
Question by:SydD
  • 4
  • 2
7 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 11725430
Hi enoch,
Access security settings in Internet Explorer by clicking Tools ("View" in earlier versions of IE) > Internet Options > Security (tab) > click the "Custom Level" button

Allow META REFRESH: set to disable

Cheers!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11725444
oops sorry wrong Q :(

Pete
0
 

Author Comment

by:SydD
ID: 11726230
ok, Pete, but now you owe me an answer!
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 65 total points
ID: 11729028
mmmm its not good policy to have AV scanning various Exchange files cause it thinks thay are virus'd
have you tried running stinger?
0
 
LVL 21

Accepted Solution

by:
marc_nivens earned 60 total points
ID: 11731018
First off, stop scanning the mdbdata folder immediately.  It will eventually quarantine the e00.log and crash the store.  If file level AV found netsky in a log file, it means that someone sent an email to the server with the netsky virus.  Any Exchange aware AV application should be able to catch and delete these.
0
 

Author Comment

by:SydD
ID: 11731607
Thank you.  I will stop it.  
Should I attempt to recreat the missing log files?

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11819807
ThanQ
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question