Solved

Exchange 2000 virus recovery HELP

Posted on 2009-05-13
4
309 Views
Last Modified: 2013-11-22
I have Exchange 2000 installed which was recently hit with some virus's.  Kaspersky found email -worm Win32.Klez and many trojans in Exchsrvr\Mailroot\Vsi\Badmail.  Kaspersky reorts that the threats have been nuetralized, but upon reboot, detects the threats over again.  I have tried to delete all files in the badmail folder, but can not access it.  Also, I can not start the information store service because I can not start the system attendant service.  I keep getting a 1053 error:The service did not respond to the start or control request in a timely fashion.

I have run another Kaspersky virus program targeted for the Win32.Klez  virus which was command based.  It found the virus and instructed me to rebott to nuetralize.  Yet on reboot, Kaspersky again finds the threat.

Can anyone offer any advice as to how I should proceed?
0
Comment
Question by:Cicio1412
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24377110
Stop all of the Exchange services.
Stop all of the AV services.
HARD DELETE the badmail directory (SHIFT DEL).

Then restart the Exchange services. Exchange will recreate the directory if it is required.

If you cannot stop the AV then exclude the directory from the realtime scan.

Simon.
0
 

Author Comment

by:Cicio1412
ID: 24377929
I was able to finally delete the Badmail folder contents via a command line.  So now the folder is empty.  However, I still can not start any of my exchange services.  I still get the 1053 error:The service did not respond to the start or control request in a timely fashion whe I try to start the system attendant.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24378942
That may well be something completely unrelated.
Something should be logged when the service tries to start.

Simon.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24379246
Hi,

Check this:

http://support.microsoft.com/kb/886695



Experts-Exchange Certified Anti-Virus Master
Experts-Exchange Certified Symantec Anti-Virus Master
Symantec Certified Specialist
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange Server not available 42 65
search option in outlook 2016 not working? 11 96
Move a Database to a different server 4 58
MS Exchange 2016 license 5 31
Read this checklist to learn more about the 15 things you should never include in an email signature.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question