<div>
I am a little concerned about doing this, as the cache could be infected too.
</div>


I am a little concerned about doing this, as the cache could be infected too.

<div>
Run a scan on the .exe in the cache folder or a full folder scan with AVG<br />
Also make sure you disable your Windows Recovery (System Restore Points) as virus' quite often hide in here.<br />
If the cache is infected then download the last SP that you applyed to the server run it but dont install, it will extract all the data to a folder on the root of one of your hard disks with a random folder name like;<br />
bgtrasssrebsreeeaasese<br />
inside here will be a full extract of all the files in the SP, then run sfc /scannow and when it asks for replacement files point it at this dir
</div>


Run a scan on the .exe in the cache folder or a full folder scan with AVG
Also make sure you disable your Windows Recovery (System Restore Points) as virus' quite often hide in here.
If the cache is infected then download the last SP that you applyed to the server run it but dont install, it will extract all the data to a folder on the root of one of your hard disks with a random folder name like;
bgtrasssrebsreeeaasese
inside here will be a full extract of all the files in the SP, then run sfc /scannow and when it asks for replacement files point it at this dir

<div>
Starting in safe mode and copying the file from DLLCACHE worked. Thanks.
</div>


Starting in safe mode and copying the file from DLLCACHE worked. Thanks.

<div>
<div class="content wysiwyg-content">
Our AVG anti virus has identified an infection in the c:\windows\explorer.exe file. <br />
<br />
We have been advised by AVG that this is a TDS Rootkit which requires the explorer.exe recovering from the original CD. <br />
<br />
My question is what is the correct way to do this, and if the original file is an earlier version, will it impact the server having this restored in isolation? ie explorer.exe just on its own.<br />
<br />
Any advise would be welcomed.<br />
<br />
Many thansk.
</div>
</div>


Our AVG anti virus has identified an infection in the c:\windows\explorer.exe file. 

We have been advised by AVG that this is a TDS Rootkit which requires the explorer.exe recovering from the original CD. 

My question is what is the correct way to do this, and if the original file is an earlier version, will it impact the server having this restored in isolation? ie explorer.exe just on its own.

Any advise would be welcomed.

Many thansk.

recovering explorer.exe to sbs2003 server.

Small Business Server (SBS) is a line of server operating systems targeted at small businesses by bundling the operating system with a number of other Microsoft products that would normally need to be purchased or licensed separately. The most notable inclusions are Exchange, SQL Server, SharePoint and ISA/TMG (Microsoft's firewall and proxy server).