Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

cant access server shares after being hacked

Posted on 2014-01-14
3
285 Views
Last Modified: 2014-01-14
looks like one of my servers was hacked and has been used to mine bit coins..

this has all been cleaned up but the problem Im having is I cant \\servername or \\ipaddress to the server shares on the sbs2011 server.

(I can \\servername on the server itself and it works fine )

when I try from a windows 7 pc I get windows cannot access \\servername when I do the diagnostics the problem found says  the remote device or resource won't accept the connection.

on the windows 7 pc I can ping the server fine with either the server name or the ip address.

anyone got any ideas???

Thanks in advance
0
Comment
Question by:ibexsystems
  • 2
3 Comments
 
LVL 22

Accepted Solution

by:
David Atkin earned 500 total points
ID: 39779691
How was the server cleaned after the hack?

Also, was the hack an issue with Cryptoblock (or something similar) on a networked PC or an actual security breach?

I'd start by checking all auto services to make sure that they are started. Please check and report back.

Check Share and Security permissions.

Check free disk space.
0
 
LVL 2

Author Comment

by:ibexsystems
ID: 39779910
I removed the program bath files and vb scripts

checked the batch files and vb scripts before removing them deleted the registry entries that the vb script and batch files made..

deleted the users that where created and transposed the rdp port to make it a little more difficult to access

also changed all passwords on the server...

all the automatic services seem to be starting fine so does the share and security permissions.

as I said above the server can access to shares on itself.

*** looks like it was a problem with Sophos and the built in firewall has gone crazy re rolled out the Sophos client and it working fine now..
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39779950
Good catch.

Thanks for letting us know.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question