?
Solved

Exchange 2000 virus recovery HELP

Posted on 2009-05-13
4
Medium Priority
?
316 Views
Last Modified: 2013-11-22
I have Exchange 2000 installed which was recently hit with some virus's.  Kaspersky found email -worm Win32.Klez and many trojans in Exchsrvr\Mailroot\Vsi\Badmail.  Kaspersky reorts that the threats have been nuetralized, but upon reboot, detects the threats over again.  I have tried to delete all files in the badmail folder, but can not access it.  Also, I can not start the information store service because I can not start the system attendant service.  I keep getting a 1053 error:The service did not respond to the start or control request in a timely fashion.

I have run another Kaspersky virus program targeted for the Win32.Klez  virus which was command based.  It found the virus and instructed me to rebott to nuetralize.  Yet on reboot, Kaspersky again finds the threat.

Can anyone offer any advice as to how I should proceed?
0
Comment
Question by:Cicio1412
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 24377110
Stop all of the Exchange services.
Stop all of the AV services.
HARD DELETE the badmail directory (SHIFT DEL).

Then restart the Exchange services. Exchange will recreate the directory if it is required.

If you cannot stop the AV then exclude the directory from the realtime scan.

Simon.
0
 

Author Comment

by:Cicio1412
ID: 24377929
I was able to finally delete the Badmail folder contents via a command line.  So now the folder is empty.  However, I still can not start any of my exchange services.  I still get the 1053 error:The service did not respond to the start or control request in a timely fashion whe I try to start the system attendant.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24378942
That may well be something completely unrelated.
Something should be logged when the service tries to start.

Simon.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24379246
Hi,

Check this:

http://support.microsoft.com/kb/886695



Experts-Exchange Certified Anti-Virus Master
Experts-Exchange Certified Symantec Anti-Virus Master
Symantec Certified Specialist
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question