?
Solved

cant access server shares after being hacked

Posted on 2014-01-14
3
Medium Priority
?
302 Views
Last Modified: 2014-01-14
looks like one of my servers was hacked and has been used to mine bit coins..

this has all been cleaned up but the problem Im having is I cant \\servername or \\ipaddress to the server shares on the sbs2011 server.

(I can \\servername on the server itself and it works fine )

when I try from a windows 7 pc I get windows cannot access \\servername when I do the diagnostics the problem found says  the remote device or resource won't accept the connection.

on the windows 7 pc I can ping the server fine with either the server name or the ip address.

anyone got any ideas???

Thanks in advance
0
Comment
Question by:ibexsystems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 22

Accepted Solution

by:
David Atkin earned 1500 total points
ID: 39779691
How was the server cleaned after the hack?

Also, was the hack an issue with Cryptoblock (or something similar) on a networked PC or an actual security breach?

I'd start by checking all auto services to make sure that they are started. Please check and report back.

Check Share and Security permissions.

Check free disk space.
0
 
LVL 2

Author Comment

by:ibexsystems
ID: 39779910
I removed the program bath files and vb scripts

checked the batch files and vb scripts before removing them deleted the registry entries that the vb script and batch files made..

deleted the users that where created and transposed the rdp port to make it a little more difficult to access

also changed all passwords on the server...

all the automatic services seem to be starting fine so does the share and security permissions.

as I said above the server can access to shares on itself.

*** looks like it was a problem with Sophos and the built in firewall has gone crazy re rolled out the Sophos client and it working fine now..
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39779950
Good catch.

Thanks for letting us know.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question