Solved

Exchange 2000 virus recovery HELP

Posted on 2009-05-13
4
308 Views
Last Modified: 2013-11-22
I have Exchange 2000 installed which was recently hit with some virus's.  Kaspersky found email -worm Win32.Klez and many trojans in Exchsrvr\Mailroot\Vsi\Badmail.  Kaspersky reorts that the threats have been nuetralized, but upon reboot, detects the threats over again.  I have tried to delete all files in the badmail folder, but can not access it.  Also, I can not start the information store service because I can not start the system attendant service.  I keep getting a 1053 error:The service did not respond to the start or control request in a timely fashion.

I have run another Kaspersky virus program targeted for the Win32.Klez  virus which was command based.  It found the virus and instructed me to rebott to nuetralize.  Yet on reboot, Kaspersky again finds the threat.

Can anyone offer any advice as to how I should proceed?
0
Comment
Question by:Cicio1412
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24377110
Stop all of the Exchange services.
Stop all of the AV services.
HARD DELETE the badmail directory (SHIFT DEL).

Then restart the Exchange services. Exchange will recreate the directory if it is required.

If you cannot stop the AV then exclude the directory from the realtime scan.

Simon.
0
 

Author Comment

by:Cicio1412
ID: 24377929
I was able to finally delete the Badmail folder contents via a command line.  So now the folder is empty.  However, I still can not start any of my exchange services.  I still get the 1053 error:The service did not respond to the start or control request in a timely fashion whe I try to start the system attendant.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24378942
That may well be something completely unrelated.
Something should be logged when the service tries to start.

Simon.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24379246
Hi,

Check this:

http://support.microsoft.com/kb/886695



Experts-Exchange Certified Anti-Virus Master
Experts-Exchange Certified Symantec Anti-Virus Master
Symantec Certified Specialist
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question