
Windows 2003 Small Business Server multiple iexplore.exe processes


1 reply to this topic

#1 B-Mass

B-Mass

  • Members
  • 1 posts

Posted 09 February 2010 - 04:07 PM

I am working on a Windows 2003 Small Business Server. The server will be using 2.03 GB of virtual memory and the processor will be running at 98% when no one is logged on. Many iexplore.exe processes are running under the administrator account. Approximately every 20 minutes a pop-up with "http://cdn.optmd/com/?g=Af////8=&r/=whatismyip.com - Screensavers - Windows Internet Explorer" in the header appears. Malwarebytes and a-squared find nothing but minor tracking cookies. Below is the HijackThis log.


EDIT: Removed log-not allowed in this forum-MG

Edited by garmanma, 10 February 2010 - 04:05 PM.




#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD

Posted 09 February 2010 - 05:51 PM

You have this posted in the wrong section for HijackThis analysis. You need to post it in the correct location. However, since this is a potentially infected server, your best option is to reformat. Our removal team can only remove known infections, and the fact that you feel your server is infected is a strong argument for there being an infection that will not be detected. Servers are a favorite target for rootkits.

Additionally, if your anti-virus is finding tracking cookies, then you have been using your server to surf the web, which is a huge no-no. My suggestion, from someone who has run their own server for a few years now: reformat, lock down the box, and leave it as a server.

If you still want to get help, go here:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/



