BleepingComputer.com: Server 2003 and combofix

Server 2003 and combofix

#1 Ryan-CRI

Posted 02 June 2009 - 10:46 AM

I am a computer tech and I regularly use combofix in specific cases to remove Smitfraud variants. Is it safe to run on an SBS 2003 server?

Thank you for your assistance.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

#2 Jetfly

Posted 02 June 2009 - 11:10 AM

Hard to say. Even though it's the SBS version, it all depends on the software and services running on it. CF does a lot of funny stuff. Just 1 critical app that gets corrupted will assure you a tough time. Could even affect hardware drivers for SCSI, RAID etc... I've heard of issues in the 64b dept...

I'd recommend you make a clone of the server on a VPC environment (or VMWare, even better). Install all the software just like in the real server, and hook it up to a sandbox hub/switch. Then attempt combofix.

Test the critical services. If they run correctly, you will feel much more confident. Good luck and post back to let us know.

#3 Animal

Posted 02 June 2009 - 01:30 PM

I'll give you the response I received from the author of ComboFix when I inquired for another member about using the tool in an Enterprise deployment. I feel it is applicable in this case as well.

Quote

The tool isn't meant for the corporate environment. It will reset much of the machine's local policies to ms defaults.


#4 Ryan-CRI

Posted 02 June 2009 - 01:49 PM

Thank you for the input. I was more concerned about the array still booting after the run. The rest I can rebuild in a relatively small period of time. I really appreciate all of the hard work everyone on this site puts into the cause. You all make my life easier.


Thank you to all

Ryan
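
Post #3 quotes the ComboFix author saying the tool resets much of the machine's local policies to MS defaults. One way to see exactly what changed on the cloned test server suggested in post #2 is to export the local security policy with `secedit /export /cfg` before and after the run and diff the two templates. The following is an added example, not part of the original thread or of ComboFix; the sample exports, their values and the function names are constructed for illustration.

```python
import re

# Constructed sample exports (illustrative values, not from a real server).
BEFORE = r"""[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
[Event Audit]
AuditLogonEvents = 3
[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
"""
AFTER = r"""[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
[Event Audit]
AuditLogonEvents = 0
[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-32-555,*S-1-5-32-544
[Registry Values]
"""

def parse_inf(text):
    """Map (section, key) -> value for a secedit security template."""
    settings, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(";"):
            continue  # blank line or INF comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if not sep or section in (None, "Unicode", "Version"):
            continue  # skip file metadata, keep policy sections only
        value = value.strip()
        if section == "Privilege Rights":  # account lists are unordered sets
            value = frozenset(v.strip() for v in value.split(","))
        settings[(section, key.strip())] = value
    return settings

def diff_policy(before, after):
    """Return (section, key, old, new) for each setting that differs; None = absent."""
    b, a = parse_inf(before), parse_inf(after)
    changed = [k for k in b.keys() | a.keys() if b.get(k) != a.get(k)]
    return [(s, k, b.get((s, k)), a.get((s, k))) for s, k in sorted(changed)]
```

Real exports are normally saved as UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `diff_policy`. Keeping the "before" file also gives you the baseline to re-apply if policies have to be restored.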
