Antivirus for Windows 2000 server


I have a client with a windows 2000 server they can't upgrade.  I need to scan it for malware and haven't been able to find a product to do so.

Can anyone recommend one that'll do the job?  It doesn't necessarily need to be free.

Mark LitinOwnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jose Gabriel Ortega CastroEE Solution Guide/Topic Advisor and CEO Faru Bonon ITCommented:
Recommendation 1:

recommendation 2:
or search an old version of it.

Recommendation 3: update them. They really have to move on to the new servers.
That server ran out from of updates for more than 10 years or so.
So I'm pretty sure that is vulnerable to whatever is up there today.

Always people will say that "they can't update it". But we all need to follow the standard procedures and let them know that whatever reason that server is still up... they can lose it with a ransomware or any wanna-cry attack. There is nothing 100% secure...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dr. KlahnPrincipal Software EngineerCommented:
Is the requirement for a virus scanner, or a malware scanner?  The two are not generally interchangeable -- virus scanners often do a poor job of detecting malware, and malware scanners in general don't look for viruses.
Mark LitinOwnerAuthor Commented:
Hasn't been protected for an untold duration. I want to complete scanner or scanners.
5 Ways Acronis Skyrockets Your Data Protection

Risks to data security are risks to business continuity. Businesses need to know what these risks look like – and where they can turn for help.
Check our newest E-Book and learn how you can differentiate your data protection business with advanced cloud solutions Acronis delivers

Dr. KlahnPrincipal Software EngineerCommented:
You'll get as many different recommendations for an antivirus as the number of experts who comment, and each of us has their own reasons.

I suggest AVG, if it still runs on Windows 2000.  You might have to dig up an older installation kit and you'll probably have to disable upgrades (not database updates, but program upgrades).

Stay away from McAfee and Norton / Symantec.  I have not yet seen a system with Norton installed that runs correctly and it is a devil to get out of a system once it is installed.  Which reminds me ...

Make a full backup of the system before installing any antivirus.  All antiviruses tamper with the system to some extent and it is impossible to get all the parts out after installation.  If you find you don't like an antivirus, you can go back to the full backup and restore to clean system instead of piling the next antivirus on the previous antivirus remnants on the previous previous antivirus remnants, etc., which soon results in an unstable system.
Lee W, MVPTechnology and Business Process AdvisorCommented:
Get that machine off the internet.  Get it off the network.  Put a firewall in front of it that ONLY allows the ports they need for whatever the application they need is.  Get them to upgrade the software on that system.
andreasSystem AdminCommented:
To scan for malware. Stop the server attach its harddrives to another System or boot from a antivirus CD and scan from there. If an infection is found, try to find out when it happend, than rebuild the machine. CHANGE ALL Passwords that were used on that box since the infection started. If Domain Admin was used during that period you are really in trouble, you need to do an in depth, offline, scan of the entire set of machines that are belonging or accessing this AD domain. And even this cannot ensure there is no backdoor for the attackers left somewhere.
if the server has 1 disk drive, or uses mirror raid  -you can hook the drive to a working system, and scan it from there
Shaun VermaakTechnical SpecialistCommented:
Can anyone recommend one that'll do the job?
No AV will be able to protect it at the OS level. Can you virtualize as is?
Mark LitinOwnerAuthor Commented:
These are all great comments and suggestions, the object is to virtualize the machine and get the application off the server.  I'm using a Datto backup intending to obtain a virtualized environment, but the virtual machine is booting into a blue screen.  Troubleshooting identified an infection.

Nobus, it's a RAID 5,  Is there a way to scan that array offline?

Andreas, thanks for your input.   I've done comprehensive malware detection on all computers on the network. Still, I'm being cautious.  It's possible that I can take the server offline long enough to do an offline startup scan.  And I'll attempt that in the next couple of days.

Lee W.  Great point.  Yes.  Off the internet will be possible, but upgrading will not be. Everything is being done to preserve an application serving their oldest client data running on a SQL 2000 Database.  Everything is being done to virtualize it to loose the server.  

Dr. Klahn, there are full backups that can be leveraged.  Thanks.
no  that 's not what i suggested - only mirror - raid 1
Lee W, MVPTechnology and Business Process AdvisorCommented:
Once you virtualize it, you should be doing everything you can to upgrade that system.  Setup a test system and install newer versions of SQL and see if you can migrate the database.  Try various versions of SQL ( and of course TEST with the apps that use it.  Subsequently, you can at least migrate to Server 2003.  It's an improvement (if not also out of date and unsupported).  But GENERALLY, SQL databases can be moved.  ALWAYS test first using test environments and DON'T use snapshots for testing this!
Mark LitinOwnerAuthor Commented:
Question: before I execute a boot time scan, will a modern boot time av (ive got an ISO of TrendMicro recovery disk to use)  work booting this antiquated server?
andreasSystem AdminCommented:
Raid 5 can be scanned offline it its controlled via a hardware RAID controller. But in some cases the AV-Boot medium needs to support that very RAID controller board. But its worth a try in any case.
Eset supports  server 2000
best contact thenm for the raid compatibility though
Mark LitinOwnerAuthor Commented:
thanks, all.  I'm visiting the business today to test these out.
Mark LitinOwnerAuthor Commented:
Hi All

I have successfully used the pre-boot scan utility from ESet and then rebooted.  I'm still troubleshooting to allow a Datto backup to allow successful local virtualization using guidance from Datto.  I will now close the question.  thanks to all for your valuable insight.
Seth SimmonsSr. Systems AdministratorCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

-- Jose Ortega (https:#a42277808)
-- Dr. Klahn (https:#a42277896)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Experts-Exchange Cleanup Volunteer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.