Virus on Windows Small Business Server 2003
Posted on 2009-02-20
I have a Windows SBS 2003 server fully uptodate and also have all the usual stuff (Exchange & Symantec AV 10.2) The hard drive is split into two partitions C (Windows) & D (Data) - 50Gb & 450Gb
The server is working fine, however a few days ago I noticed very little space left in the C partition - 250Mb - and when I checked the folder C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 was filling up with approx 40Gb+ of junk - I thought nothing of it and deleted it freeing up the space.
Today the same thing happened same file filled with 40Gb+ of junk within a few hours. I also noticed an index.dat file in the same location and CANNOT delete it.
I perfromed a full virus scan which turned up nothing but when I looked in the event logs I found two errors:
SYMANTEC TAMPER PROTECTION ALERT
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\WINDOWS\system32\taskmgr.exe (PID 2836)
Time: 20 February 2009 09:48:18
Security Risk Found!Risk: Backdoor.Singu in File:
But yet the virus scan ISN'T picking anything up.....All I can currently do is delete the folders in the ContentIE5 folder but a minutes later they appear again....
Any help is greatly appreciated!