Solved

Netsky viruses in Exchange log files - what to do?

Posted on 2004-08-05
Last Modified: 2013-12-04
I ran Trend's C/S/M Suite on our SBS2000 server; it found two viruses in c:\program files\exchsrvr\mdbdata\e00001047.log (worm_netsky.dam) and e00001054.log (html_netsky.p).

Yes, I know I'm not supposed to run AV software on the exchsrvr folder, oops.

When I look in the mdbdata folder, I do not see those two log files!

Yesterday I did a backup of the Exchange databases.

Please give me some advice.  Why don't I see the log files?  Should I delete them?  Can they infect my network if they are in log files?

Thanks for sage wisdom and hard-won advice.


Question by:SydD
7 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 11725430
Hi enoch,
Access security settings in Internet Explorer by clicking Tools ("View" in earlier versions of IE) > Internet Options > Security (tab) > click the "Custom Level" button

Allow META REFRESH: set to disable

Cheers!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11725444
oops sorry wrong Q :(

Pete
0
 

Author Comment

by:SydD
ID: 11726230
ok, Pete, but now you owe me an answer!
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 65 total points
ID: 11729028
Mmmm, it's not good policy to have AV scanning various Exchange files 'cause it thinks they are virus'd.
Have you tried running Stinger?
0
 
LVL 21

Accepted Solution

by:
marc_nivens earned 60 total points
ID: 11731018
First off, stop scanning the mdbdata folder immediately. It will eventually quarantine the e00.log and crash the store. If file-level AV found Netsky in a log file, it means that someone sent an email to the server with the Netsky virus. Any Exchange-aware AV application should be able to catch and delete these.
0
 

Author Comment

by:SydD
ID: 11731607
Thank you. I will stop it.
Should I attempt to recreate the missing log files?

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11819807
ThanQ
0
