
Defacement Hack


  • This topic is locked
8 replies to this topic

#1 eRP_Support


Posted 06 February 2010 - 07:23 PM

I have a server (win2000) (I know, I know, need to get it to 2008!) that recently started getting ASP pages added, and then today my index.asp got defaced in Spanish. Noticed a reference to Zone H, but the rest of the code looks like Brazilian stuff.

I have attached my Hijack This log as well as my DDS text file below. I can add the dds.attach if you need it. Have zipped up all of the HTML and ASP files that have been getting added then I delete them from my machine. Some days later, new page names with similar type encoding show up. Today they did my index.asp and added a page called monter.asp. I have those available if you need them.

I have McAfee Anti-Virus, Super-AntiSpyware and Spybot SD installed, but I am missing something. Appreciate all of your help.

Dave Slattery
dave@removed to protect from spambots. ~ OB


HIJACK THIS LOG
=========================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:15 AM, on 2/7/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AutoMate 6\AMTS.exe
C:\Compaq\vcagent\vcagent.exe
C:\WINNT\System32\svchost.exe
C:\iFtpSvc\iFtpSvc.exe
C:\WINNT\System32\llssrv.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\compaq\survey\Surveyor.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CpqRcmc.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\logon.scr
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cpqteam.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cpqteam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - D:\Program Files\Aladdin Systems\Internet Cleanup\PopFiltr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AutoMate6] C:\Program Files\AutoMate 6\AMEM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124247248531
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ERPAPPSVRS.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{0292ECF3-BC57-41CB-B37F-934F93BDC01A}: NameServer = 209.11.240.35,209.11.240.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{E635C434-F716-4C97-9A2B-D593DFF08EB3}: NameServer = 206.194.127.121,206.194.127.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ERPAPPSVRS.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{0292ECF3-BC57-41CB-B37F-934F93BDC01A}: NameServer = 209.11.240.35,209.11.240.36
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ERPAPPSVRS.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{0292ECF3-BC57-41CB-B37F-934F93BDC01A}: NameServer = 209.11.240.35,209.11.240.36
O23 - Service: AutoMate 6 (AutoMate6) - Network Automation, Inc. - C:\Program Files\AutoMate 6\AMTS.exe
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: HP Insight Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
O23 - Service: HP Insight Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Ipswitch WS_FTP Server (iFtpSvc) - Ipswitch, Inc. 81 Hartwell Ave. Lexington MA. 02421 - C:\iFtpSvc\iFtpSvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - D:\Program.exe (file missing)
O23 - Service: Surveyor - Hewlett-Packard Development Group, L.P. - C:\compaq\survey\Surveyor.EXE
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe

--
End of file - 6017 bytes
================================================================================


DDS Text File Contents
================================================================================


DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 11:09:59.00 on Sun 02/07/2010
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Server 5.0.2195.4.1252.1.1033.18.3920.3178 [GMT 10:00]


============== Running Processes ===============

C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AutoMate 6\AMTS.exe
C:\Compaq\vcagent\vcagent.exe
C:\iFtpSvc\iFtpSvc.exe
C:\WINNT\System32\llssrv.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\compaq\survey\Surveyor.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CpqRcmc.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
C:\WINNT\system32\logon.scr
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cpqteam.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cpqteam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Tools\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/
BHO: PopupFilter Class: {1f2e844b-8211-46ff-8262-772f03295cf4} - d:\program files\aladdin systems\internet cleanup\PopFiltr.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\mcafee\virusscan enterprise\scriptcl.dll
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CPQTEAM] cpqteam.exe
mRun: [McAfeeUpdaterUI] "d:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [ShStatEXE] "d:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [AutoMate6] c:\program files\automate 6\AMEM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: ShowSuperHidden = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124247248531
TCP: {0292ECF3-BC57-41CB-B37F-934F93BDC01A} = 209.11.240.35,209.11.240.36
TCP: {E635C434-F716-4C97-9A2B-D593DFF08EB3} = 206.194.127.121,206.194.127.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll
LSA: Notification Packages = FPNWCLNT RASSFM KDCSVC scecli
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 cpqcissm;cpqcissm;c:\winnt\system32\drivers\cpqcissm.sys [2005-3-2 15760]
R0 DfsDriver;DfsDriver;c:\winnt\system32\drivers\dfs.sys [1980-1-1 74448]
R0 LsiCsb6;LsiCsb6;c:\winnt\system32\drivers\LsiCsb6.sys [1980-1-1 162327]
R1 mferkdk;VSCore mferkdk;d:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 CpqWebMgmt;HP Insight Web Agent;c:\winnt\system32\cpqmgmt\cpqwmgmt.exe [2003-6-13 20518]
R2 McAfeeFramework;McAfee Framework Service;d:\program files\mcafee\common framework\FrameworkService.exe [2009-2-13 104000]
R2 McShield;McAfee McShield;d:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-1-27 144704]
R2 McTaskManager;McAfee Task Manager;d:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-1-27 54608]
R2 NntpSvc;Network News Transport Protocol (NNTP);c:\winnt\system32\inetsrv\inetinfo.exe [2005-3-2 14608]
R3 cpqasm2;HP ProLiant iLO Advanced System Management Controller;c:\winnt\system32\drivers\cpqasm2.sys [2005-3-2 268288]
R3 CpqCiDrv;HP Integrated Lights-Out;c:\winnt\system32\drivers\CpqCiDrv.sys [2005-3-2 19440]
R3 CPQCISSE;CPQCISSE;c:\winnt\system32\drivers\CPQCISSE.SYS [2005-3-2 58832]
R3 mfeavfk;McAfee Inc.;c:\winnt\system32\drivers\mfeavfk.sys [2009-2-13 73512]
R3 mfebopk;McAfee Inc.;c:\winnt\system32\drivers\mfebopk.sys [2009-2-13 34408]
R3 mfehidk;McAfee Inc.;c:\winnt\system32\drivers\mfehidk.sys [2009-2-13 177864]
R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [1980-1-1 24784]
R3 q57w2k;HP NC7781 Gigabit Server Adapter;c:\winnt\system32\drivers\q57w2k.sys [2005-3-2 104818]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
R3 spud;Special Purpose Utility Driver;c:\winnt\system32\drivers\spud.sys [2005-3-2 12336]
R3 sysmgmt;HP ProLiant System Management Interface Driver;c:\winnt\system32\drivers\sysmgmt.sys [2005-3-2 2432]
S3 CNMPROT;Network Management Protocol Driver;c:\winnt\system32\drivers\cnmprot.sys [2003-5-22 14592]
S3 CPQTeam;HP Network Teaming and Configuration;c:\winnt\system32\drivers\cpqteam.sys [2005-3-2 89728]
S3 TDASYNC;TDASYNC;c:\winnt\system32\drivers\tdasync.sys [2005-3-1 12664]
S3 TDIPX;TDIPX;c:\winnt\system32\drivers\tdipx.sys [2005-3-1 20760]
S3 TDNETB;TDNETB;c:\winnt\system32\drivers\tdnetb.sys [2005-3-1 18392]
S3 TDSPX;TDSPX;c:\winnt\system32\drivers\tdspx.sys [2005-3-1 18264]
S3 TrkSvr;Distributed Link Tracking Server;c:\winnt\system32\SERVICES.EXE [1980-1-1 92944]
S4 IsmServ;Intersite Messaging;c:\winnt\system32\ismserv.exe [2005-3-2 25872]
S4 kdc;Kerberos Key Distribution Center;c:\winnt\system32\LSASS.EXE [1980-1-1 33552]
S4 MegaIDE;MegaIDE;c:\winnt\system32\drivers\MegaIDE.sys [1980-1-1 38938]
S4 NtFrs;File Replication Service;c:\winnt\system32\ntfrs.exe [2005-3-2 745232]
S4 PortTunnel;PortTunnel;"c:\winnt\system32\config\svchost.exe" /run_service --> c:\winnt\system32\config\svchost.exe [?]

=============== Created Last 30 ================

2010-02-05 19:24:31 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_670.dat
2010-02-05 19:24:24 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_4dc.dat
2010-01-28 18:26:49 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_494.dat
2010-01-28 01:49:40 0 d-----w- c:\winnt\637825A5A60444EA9DD313F0EED14D71.TMP
2010-01-28 01:49:29 0 d-----w- c:\docume~1\admini~1.000\applic~1\Aladdin Systems
2010-01-28 01:49:01 0 d-----w- c:\program files\Aladdin Systems
2010-01-28 00:52:32 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_49c.dat
2010-01-28 00:28:05 0 d-----w- c:\program files\Trend Micro
2010-01-12 06:23:26 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_480.dat

==================== Find3M ====================

2010-02-06 14:00:01 595 ----a-w- c:\docume~1\admini~1.000\applic~1\WWB7_32.DAT
2009-12-30 04:55:24 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-12-30 04:54:58 18520 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-12-20 07:20:46 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_460.dat
2009-12-16 06:25:46 576512 ----a-w- c:\winnt\system32\WININET.DLL
2005-03-01 20:29:01 271 ---ha-w- c:\program files\desktop.ini
2005-03-01 20:29:01 21952 ---ha-w- c:\program files\folder.htt
2001-05-08 12:00:00 32528 ----a-w- c:\winnt\inf\wbfirdma.sys

============= FINISH: 11:11:03.96 ===============


Again, thanks for all your help

Edited by Orange Blossom, 06 February 2010 - 09:19 PM.



 


#2 m0le


Posted 13 February 2010 - 08:23 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Let's run a rootkit scanner.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 eRP_Support


Posted 15 February 2010 - 01:17 PM

Hello,

Thanks for your help on this. I am just back from being out of town and am ready to go.

Dave

#4 eRP_Support


Posted 15 February 2010 - 01:21 PM

Apologize for making this more difficult, but it is a production server that I can only access using Terminal Services. That means that I cannot stop using the computer or disconnect it from the internet. Will running GMER in that way hinder the process? If so, I will need to schedule a trip out to my data center to do this locally as the administrator.

Thanks.

Dave

#5 m0le


Posted 15 February 2010 - 02:23 PM

It will hinder Gmer, which needs to be disconnected to scan.

Sorry

#6 eRP_Support


Posted 15 February 2010 - 04:39 PM

I can get at the server over the weekend, I think. Can we keep the topic open, and I can resend the info after I have had a chance to do that?

Thanks again for all your help.

Dave

#7 m0le


Posted 15 February 2010 - 06:58 PM

Yes, no problem there.

#8 m0le


Posted 20 February 2010 - 07:06 AM

Just checking that you are still there, eRP_Support

#9 m0le


Posted 21 February 2010 - 07:42 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.