Help
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
This topic is locked
Posted 24 June 2009 - 08:48 PM
We have a 2003 Standard Ed Server that was recently infected with the Sality virus. It corrupted the Symantec corp Ed 10d antivirus, and has caused problems with my .NET. I have am fairly IT literate, and have removed this infection off of other 2003 servers, but this one I can not get clean. I am able to run Malwarebytes, and Super Antispyware. They find the infection (Sality, and a Rootkit), and request reboot to delete, but it always re-infects. I run a Reg fix everytime I reboot to get into Safe Mode. I am unable to run alot of the recommended utilities because they will not run on Server 2003 (such as Combo fix). I have attempted to run the following tools:
Sality_off/ Sality-AVG/ Sality - Symantec/ Malwarebytes/ Super Antispyware/ Spybot/ stinger/ SDFix-asquared(only in normal mode command prompt)
I have deleted all *.tmp files, all related files in temporary folders. Reset IE to default. Disabled Print & File Sharing. Removed bogus svhost user account, and deleted files. All tools have been attempted in multiple Safe Mode reboots with network cables unplugged. I have ran sfc /scannow.
I can only work on this server after hours as we need it for our daily activities, and I am tired of spending my nights at work. I cannot run dds, but I will attach the logs for HJT, and the result logs from Malwarebytes, Super Antispyware, and a-squared, however I know there are alot of false positives in the a-squared log. Any advise would be greatly appreciated.
Sality_off/ Sality-AVG/ Sality - Symantec/ Malwarebytes/ Super Antispyware/ Spybot/ stinger/ SDFix-asquared(only in normal mode command prompt)
I have deleted all *.tmp files, all related files in temporary folders. Reset IE to default. Disabled Print & File Sharing. Removed bogus svhost user account, and deleted files. All tools have been attempted in multiple Safe Mode reboots with network cables unplugged. I have ran sfc /scannow.
I can only work on this server after hours as we need it for our daily activities, and I am tired of spending my nights at work. I cannot run dds, but I will attach the logs for HJT, and the result logs from Malwarebytes, Super Antispyware, and a-squared, however I know there are alot of false positives in the a-squared log. Any advise would be greatly appreciated.
Attached File(s)
-
HJT_LOG.txt (5.65K)
Number of downloads: 12 -
mbam_log_2009_06_24__10_01_56_.txt (1.03K)
Number of downloads: 4 -
SUPERAntiSpyware_Scan_Log___06_23_2009___18_52_08.log (2.68K)
Number of downloads: 2 -
asquared_Report.txt (49.59K)
Number of downloads: 12
This post has been edited by raditsga: 25 June 2009 - 11:03 AM
Back to top
