asked on

2003 Server Party Poker and Mozilla Icons????

We didn't think this was a concern at first. I can now say I have seen this happen at 4 different sites all 2003 servers!!

PartyPoker icons will show up out of the blue on the desktop. And Mozilla browser will install.
I have confirmed that staff had not done this - these are all dedicated servers without monitors attached!

Has anyone seen this?

younghv

There will be installation files/folders that will show the actual installation date/time.
Compare those to the logon records in Event Viewer. Find out who was logged in at that time. Look for who the "Owner" of the files/folders is.

Any of that can be installed remotely, so the presence of monitors does not matter.
If they can be accessed remotely - or have access to the Internet - they are vulnerable.

Are the servers behind a hardware firewall and what security applications are you running?

IT SUPPORT

ASKER

We may have found a trojan i bet that this is allowing a comprimise?

ASKER CERTIFIED SOLUTION

younghv

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

IT SUPPORT

ASKER

thanks we were able to clean

southwestsixteen

Hi,

I had a similar thing happen to a couple of sites a few months ago. Mozilla history showed a string of gambling and dating sites most in Russian or Czech. Check your Local Users and AD to make sure no fake user accounts have been created and given admin privileges. We also changed the domain admin password which finally resolved the issue as it seems the buggers kept getting back in even after Malware scans.

Btw, can also vouch for Malwarebytes. Run full scan though.