Windows 2003 server and virus infection

I have a Windows 2003 server infected with several Trojans in the c:\windows\system.rar and the c:\windows\system32\system.rar folders.  For the life of me, I can't find these folders.


Hi crp0499,

have you tried one of the online virus scanners such as

is it possible for you to reboot this server into safe mode, so that you can clean some of this garbage off?

hope that helps

crp0499 CEO Author Commented:
Running TrendMicro now.  Can't reboot the server.  I'm remote.

i would try to get to it (if possible)

if it has a virus, there is a spectacular chance that it will either begin infecting other PCs on the network, or, open up a backdoor for other viruses to come in and infect the rest of the network.

that TrendMicro scan will take about an hour, but should kill any running viruses in the first few minutes

good luck, let us know

crp0499 CEO Author Commented:
I'll be on-site tomorrow with the server.  Absent a resolution soon, I'll just turn off SMTP til I can get to it.

i doubt that will make a difference somehow

if it is running a virus, and TrendMicro can't disable it, then it will (assuming it is a massmailer) use its own smtp server

you would be better off trying to stop it from running (registry/startup/task manager) and then clean up the fallout tomorrow

either stop it from running or turn the server off

but hey, it all depends on how important this server is


crp0499 CEO Author Commented:
not important enough to leave on if I can't clean it remotely.  RR already e-mailed me and told me they are getting complaints.  Something about redirected bounces...

easy then

if you can turn it off, you can start disabling services

go through and stop everything you can, keep trying to clean the virus out

if that doesn't work, shut her down and do it tomorrow in safe mode

crp0499 CEO Author Commented:
While you're at it, take a look at this one.

I had my Exchange server listed as my DMZ in my router.
"Thanks for the help.  I drove over (assuming you meant me when you referred to a skilled technician) and rebooted in safe mode and cleaned off that last pesky one.  I'll monitor it to see how it does over the next day or so.  Also, since the 2K3 box has a public IP, I think I'll drop a router in front of it and hide it some."

Yes, I did mean you.

good idea on dropping a router in front of it, but you did a scan before and it came up with nothing exciting, so why bother?
