<div>
<div class="content wysiwyg-content">
I have a client server that has recently be de-bugged of a nasty trojan rootkit infection (rootkit.cloaked/service-g<wbr />en).<br />
The system is not yet considered malware-free as there is a service which I believe is a CA Brightstor backup utility running that is utilising up to 99% CPU time (CATIRPC.EXE). In addition IBServer.EXE and SRA.EXE are also hogging CPU time.<br />
I am not a server tech in normal circumstances (still learning) and have little knowledge of server utilities.<br />
The system seems to be casting network requests (or possibly sending spam) as there is network activity through my broadband link to an outside source.<br />
I cannot activate the Windows Firewall as a message is displayed on activation that &quot;another program or service is running that might use the network address translation component (IPNAT.SYS).<br />
Can anyone shed light on the activity observed regarding CATIRPC and the other services mentioned above and/or the inability to activate the windows firewall?
</div>
</div>


I have a client server that has recently be de-bugged of a nasty trojan rootkit infection (rootkit.cloaked/service-gen).
The system is not yet considered malware-free as there is a service which I believe is a CA Brightstor backup utility running that is utilising up to 99% CPU time (CATIRPC.EXE). In addition IBServer.EXE and SRA.EXE are also hogging CPU time.
I am not a server tech in normal circumstances (still learning) and have little knowledge of server utilities.
The system seems to be casting network requests (or possibly sending spam) as there is network activity through my broadband link to an outside source.
I cannot activate the Windows Firewall as a message is displayed on activation that "another program or service is running that might use the network address translation component (IPNAT.SYS).
Can anyone shed light on the activity observed regarding CATIRPC and the other services mentioned above and/or the inability to activate the windows firewall?

CATIRPC.EXE &amp; SRA.EXE ON HP SERVER RUNNING WINDOWS 2003 SERVER

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.

Anti-Virus Apps

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

CATIRPC.EXE &amp; SRA.EXE ON HP SERVER RUNNING WINDOWS 2003 SERVER

CATIRPC.EXE & SRA.EXE ON HP SERVER RUNNING WINDOWS 2003 SERVER