Solved

2003 Server Party Poker and Mozilla Icons????

Posted on 2011-03-09
5
281 Views
Last Modified: 2012-05-11
We didn't think this was a concern at first. I can now say I have seen this happen at 4 different sites, all 2003 servers!!

PartyPoker icons will show up out of the blue on the desktop. And Mozilla browser will install.
I have confirmed that staff had not done this - these are all dedicated servers without monitors attached!

Has anyone seen this?
0
Comment
Question by:j-teksolutions
5 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 35093957
There will be installation files/folders that will show the actual installation date/time.
Compare those to the logon records in Event Viewer. Find out who was logged in at that time. Look for who the "Owner" of the files/folders is.

Any of that can be installed remotely, so the presence of monitors does not matter.
If they can be accessed remotely - or have access to the Internet - they are vulnerable.

Are the servers behind a hardware firewall and what security applications are you running?
0
 

Author Comment

by:j-teksolutions
ID: 35222762
We may have found a trojan. I bet that this is allowing a compromise?
0
 
LVL 38

Accepted Solution

by:younghv (earned 500 total points)
ID: 35222784
Malware is always a concern in unusual situations.

You might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue...
Then post the log to be analyzed.

Malwarebytes is pretty solid:
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

There are a couple of other handy tools - like Hitman Pro - but I don't think we need it yet.
0
 

Author Closing Comment

by:j-teksolutions
ID: 35304750
Thanks, we were able to clean.
0
 
LVL 3

Expert Comment

by:southwestsixteen
ID: 35304846
Hi,

I had a similar thing happen to a couple of sites a few months ago. Mozilla history showed a string of gambling and dating sites, most in Russian or Czech. Check your Local Users and AD to make sure no fake user accounts have been created and given admin privileges. We also changed the domain admin password, which finally resolved the issue, as it seems the buggers kept getting back in even after Malware scans.

Btw, I can also vouch for Malwarebytes. Run a full scan though.
0
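A triage script for the checks younghv and southwestsixteen describe above (new install folders and their owners, logon records around those times, and who currently holds admin rights), added here as an example and not code from either poster. It assumes PowerShell 2.0 is installed on the 2003 server, an administrator session, and the 2003-era Security event IDs and message field layout noted in the comments.

```powershell
# Added example (not from the thread): first-pass triage on a Windows Server 2003 host.
# Assumes PowerShell 2.0 on the server and that the script runs as an administrator.
param(
    [int]$DaysBack = 30,      # assumed lookback window for new folders
    [int]$WindowMinutes = 60  # assumed tolerance when matching logons to creation times
)

$since = (Get-Date).AddDays(-$DaysBack)
# Program Files catches new installs; the profile root catches brand-new user profiles
# (a new profile folder means someone logged on interactively with that account).
$roots = @("$env:ProgramFiles", "$env:SystemDrive\Documents and Settings")

# Step 1: folders created inside the window, with the account that owns them.
$newItems = Get-ChildItem -Path $roots -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt $since } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Path    = $_.FullName
            Created = $_.CreationTime
            Owner   = (Get-Acl -Path $_.FullName).Owner
        }
    }

# Step 2: successful logons from the Security log.
# 2003 event IDs: 528 interactive/RDP logon, 540 network logon, 552 logon with explicit creds.
$logons = Get-EventLog -LogName Security -After $since -ErrorAction SilentlyContinue |
    Where-Object { $_.EntryType -eq 'SuccessAudit' -and (528, 540, 552) -contains $_.EventID }

# Step 3: print each new folder followed by the logons that happened close to its creation.
foreach ($item in ($newItems | Sort-Object Created)) {
    "`n[{0}] {1}  owner={2}" -f $item.Created, $item.Path, $item.Owner
    $logons | Where-Object {
        [math]::Abs(($_.TimeGenerated - $item.Created).TotalMinutes) -le $WindowMinutes
    } | ForEach-Object {
        # ReplacementStrings[0]=user, [1]=domain, [3]=logon type (2003 layout, assumed here)
        "    {0}  event={1}  user={2}\{3}  logontype={4}" -f $_.TimeGenerated, $_.EventID,
            $_.ReplacementStrings[1], $_.ReplacementStrings[0], $_.ReplacementStrings[3]
    }
}

# Step 4: current local Administrators; compare by hand against the accounts you expect.
"`nLocal Administrators group:"
net localgroup Administrators
```

Run it from an elevated PowerShell prompt on the affected server and keep the output with the scanner logs; a logon type 10 (RDP) from an unknown workstation just before an install folder appeared, or an account in Administrators that nobody created, is what the two comments above are telling you to look for.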
