It looks like a hacker got into the SBS 2003 server and completely uninstalled IIS. All IIS sites were redirected to a phishing site with an .au extension.
Is it possible for something other than a purposeful uninstall to cause the server to appear to be missing these components?
Is there a log for the removal of components I can check to see if an uninstall was initiated by a user?
I understand that IIS is a difficult thing to remove from SBS so I might have to do a re-install as we've only got critical files backup for this server.
I'd like some assistance with both the recovery and attempting to determine what was done.
Thanks in Advance,