 W32.Sality.X on Server 2003! |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  Jun 24 2009, 08:48 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 1 Joined: 17-June 09 Member No.: 342,809  |
We have a 2003 Standard Ed Server that was recently infected with the Sality virus. It corrupted the Symantec corp Ed 10d antivirus, and has caused problems with my .NET. I have am fairly IT literate, and have removed this infection off of other 2003 servers, but this one I can not get clean. I am able to run Malwarebytes, and Super Antispyware. They find the infection (Sality, and a Rootkit), and request reboot to delete, but it always re-infects. I run a Reg fix everytime I reboot to get into Safe Mode. I am unable to run alot of the recommended utilities because they will not run on Server 2003 (such as Combo fix). I have attempted to run the following tools:
Sality_off/ Sality-AVG/ Sality - Symantec/ Malwarebytes/ Super Antispyware/ Spybot/ stinger/ SDFix-asquared(only in normal mode command prompt) I have deleted all *.tmp files, all related files in temporary folders. Reset IE to default. Disabled Print & File Sharing. Removed bogus svhost user account, and deleted files. All tools have been attempted in multiple Safe Mode reboots with network cables unplugged. I have ran sfc /scannow. I can only work on this server after hours as we need it for our daily activities, and I am tired of spending my nights at work. I cannot run dds, but I will attach the logs for HJT, and the result logs from Malwarebytes, Super Antispyware, and a-squared, however I know there are alot of false positives in the a-squared log. Any advise would be greatly appreciated. This post has been edited by raditsga: Jun 25 2009, 11:03 AM
Attached File(s)
HJT_LOG.txt ( 5.65k )
Number of downloads: 5
mbam_log_2009_06_24__10_01_56_.txt ( 1.03k )
Number of downloads: 2
SUPERAntiSpyware_Scan_Log___06_23_2009___18_52_08.log ( 2.68k )
Number of downloads: 0
asquared_Report.txt ( 49.59k )
Number of downloads: 2 |
 |
 
|
Posts in this topic
raditsga W32.Sality.X on Server 2003! Jun 24 2009, 08:48 PM
_temp_ Hello and welcome to Bleeping Computer
We apologi... Jun 29 2009, 10:11 AM
teacup61 Due to the lack of feedback this Topic is closed.
... Jul 4 2009, 03:32 AM  |
2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 24th November 2009 - 04:15 PM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.