Solved

cant access server shares after being hacked

Posted on 2014-01-14
3
279 Views
Last Modified: 2014-01-14
looks like one of my servers was hacked and has been used to mine bit coins..

this has all been cleaned up but the problem Im having is I cant \\servername or \\ipaddress to the server shares on the sbs2011 server.

(I can \\servername on the server itself and it works fine )

when I try from a windows 7 pc I get windows cannot access \\servername when I do the diagnostics the problem found says  the remote device or resource won't accept the connection.

on the windows 7 pc I can ping the server fine with either the server name or the ip address.

anyone got any ideas???

Thanks in advance
0
Comment
Question by:ibexsystems
  • 2
3 Comments
 
LVL 22

Accepted Solution

by:
David Atkin earned 500 total points
ID: 39779691
How was the server cleaned after the hack?

Also, was the hack an issue with Cryptoblock (or something similar) on a networked PC or an actual security breach?

I'd start by checking all auto services to make sure that they are started. Please check and report back.

Check Share and Security permissions.

Check free disk space.
0
 
LVL 2

Author Comment

by:ibexsystems
ID: 39779910
I removed the program bath files and vb scripts

checked the batch files and vb scripts before removing them deleted the registry entries that the vb script and batch files made..

deleted the users that where created and transposed the rdp port to make it a little more difficult to access

also changed all passwords on the server...

all the automatic services seem to be starting fine so does the share and security permissions.

as I said above the server can access to shares on itself.

*** looks like it was a problem with Sophos and the built in firewall has gone crazy re rolled out the Sophos client and it working fine now..
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39779950
Good catch.

Thanks for letting us know.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now