Antivirus for Windows 2000 server

Mark Litin
Hi

I have a client with a Windows 2000 server they can't upgrade.  I need to scan it for malware and haven't been able to find a product to do so.

Can anyone recommend one that'll do the job?  It doesn't necessarily need to be free.

Thanks
Top Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018
Commented:
Recommendation 1:
http://www.oldapps.com/malwarebytes.php?system=Windows_2000

Recommendation 2:
try: https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
or search for an old version of it.

Recommendation 3: update them. They really have to move on to the new servers.
That server has been out of updates for more than 10 years or so.
So I'm pretty sure that it is vulnerable to whatever is up there today.

People will always say that "they can't update it". But we all need to follow the standard procedures and let them know that whatever the reason that server is still up... they can lose it to ransomware or any WannaCry attack. There is nothing 100% secure...
Dr. Klahn, Principal Software Engineer

Commented:
Is the requirement for a virus scanner, or a malware scanner?  The two are not generally interchangeable -- virus scanners often do a poor job of detecting malware, and malware scanners in general don't look for viruses.
Mark Litin, Owner

Author

Commented:
Hasn't been protected for an untold duration. I want a complete scanner or scanners.
Dr. Klahn, Principal Software Engineer
Commented:
You'll get as many different recommendations for an antivirus as the number of experts who comment, and each of us has their own reasons.

I suggest AVG, if it still runs on Windows 2000.  You might have to dig up an older installation kit and you'll probably have to disable upgrades (not database updates, but program upgrades).

Stay away from McAfee and Norton / Symantec.  I have not yet seen a system with Norton installed that runs correctly and it is a devil to get out of a system once it is installed.  Which reminds me ...

Make a full backup of the system before installing any antivirus.  All antiviruses tamper with the system to some extent and it is impossible to get all the parts out after installation.  If you find you don't like an antivirus, you can go back to the full backup and restore to a clean system instead of piling the next antivirus on the previous antivirus remnants on the previous previous antivirus remnants, etc., which soon results in an unstable system.
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013

Commented:
Get that machine off the internet.  Get it off the network.  Put a firewall in front of it that ONLY allows the ports they need for whatever the application they need is.  Get them to upgrade the software on that system.
Top Expert 2014

Commented:
To scan for malware: stop the server and attach its hard drives to another system, or boot from an antivirus CD, and scan from there. If an infection is found, try to find out when it happened, then rebuild the machine. CHANGE ALL passwords that were used on that box since the infection started. If Domain Admin was used during that period you are really in trouble; you need to do an in-depth, offline scan of the entire set of machines that belong to or access this AD domain. And even this cannot ensure there is no backdoor for the attackers left somewhere.
Top Expert 2013

Commented:
If the server has 1 disk drive, or uses mirror RAID, you can hook the drive to a working system and scan it from there.
Shaun Vermaak, Technical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
Can anyone recommend one that'll do the job?
No AV will be able to protect it at the OS level. Can you virtualize as is?
Mark Litin, Owner

Author

Commented:
These are all great comments and suggestions, the object is to virtualize the machine and get the application off the server.  I'm using a Datto backup intending to obtain a virtualized environment, but the virtual machine is booting into a blue screen.  Troubleshooting identified an infection.


Nobus, it's a RAID 5.  Is there a way to scan that array offline?

Andreas, thanks for your input.   I've done comprehensive malware detection on all computers on the network. Still, I'm being cautious.  It's possible that I can take the server offline long enough to do an offline startup scan.  And I'll attempt that in the next couple of days.

Lee W.  Great point.  Yes.  Off the internet will be possible, but upgrading will not be. Everything is being done to preserve an application serving their oldest client data running on a SQL 2000 Database.  Everything is being done to virtualize it to lose the server.

Dr. Klahn, there are full backups that can be leveraged.  Thanks.
Top Expert 2013

Commented:
No, that's not what I suggested - only mirror - RAID 1.
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013

Commented:
Once you virtualize it, you should be doing everything you can to upgrade that system.  Set up a test system and install newer versions of SQL and see if you can migrate the database.  Try various versions of SQL (https://blogs.technet.microsoft.com/mdegre/2012/06/15/migration-sql-server-2000-to-sql-server-2012/) and of course TEST with the apps that use it.  Subsequently, you can at least migrate to Server 2003.  It's an improvement (if not also out of date and unsupported).  But GENERALLY, SQL databases can be moved.  ALWAYS test first using test environments and DON'T use snapshots for testing this!
Mark Litin, Owner

Author

Commented:
Question: before I execute a boot time scan, will a modern boot time AV (I've got an ISO of TrendMicro recovery disk to use) work booting this antiquated server?
Top Expert 2014

Commented:
RAID 5 can be scanned offline if it's controlled via a hardware RAID controller. But in some cases the AV boot medium needs to support that very RAID controller board. But it's worth a try in any case.
Top Expert 2013

Commented:
ESET supports Server 2000: https://www.eset.com/sg/support/sysrescue/
Best contact them for the RAID compatibility, though.
Mark Litin, Owner

Author

Commented:
Thanks, all.  I'm visiting the business today to test these out.
Mark Litin, Owner

Author

Commented:
Hi All

I have successfully used the pre-boot scan utility from ESET and then rebooted.  I'm still troubleshooting to allow a Datto backup to allow successful local virtualization using guidance from Datto.  I will now close the question.  Thanks to all for your valuable insight.
Seth Simmons, Sr. Systems Administrator

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- Jose Ortega (https:#a42277808)
-- Dr. Klahn (https:#a42277896)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer
