
Server 2003 and combofix


3 replies to this topic

#1 Ryan-CRI

Posted 02 June 2009 - 10:46 AM

I am a computer tech and I regularly use ComboFix in specific cases to remove Smitfraud variants. Is it safe to run on an SBS 2003 server?

Thank you for your assistance.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 Jetfly


Posted 02 June 2009 - 11:10 AM

Hard to say. Even though it's the SBS version, it all depends on the software and services running on it. CF does a lot of funny stuff. Just 1 critical app that gets corrupted will assure you a tough time. Could even affect hardware drivers for SCSI, RAID etc... I've heard of issues in the 64b dept...

I'd recommend you make a clone of the server in a VPC environment (or VMWare, even better). Install all the software just like on the real server, and hook it up to a sandbox hub/switch. Then attempt ComboFix.

Test the critical services. If they run correctly, you will feel much more confident. Good luck and post back to let us know.

#3 Animal


Posted 02 June 2009 - 01:30 PM

I'll give you the response I received from the author of ComboFix when I inquired for another member about using the tool in an Enterprise deployment. I feel it is applicable in this case as well.

The tool isn't meant for the corporate environment. It will reset much of the machine's local policies to ms defaults.



#4 Ryan-CRI


Posted 02 June 2009 - 01:49 PM

Thank you for the input. I was more concerned about the array still booting after the run. The rest I can rebuild in a relatively small period of time. I really appreciate all of the hard work everyone on this site puts into the cause. You all make my life easier.


Thank you to all

Ryan



