
Windows home server infected



#1 4CNC


Posted 28 August 2010 - 04:24 AM

Hi

This is my first post to this forum. I have an infected Windows Home Server. I suspect a rootkit.

I have installed a registered copy of Malwarebytes; real-time protection and website blocking are enabled.

A scan reveals nothing, but the real time blocking is blocking an attempted connection to a suspect website when I open a browser window (using remote desktop from a laptop).

As soon as I log on to the server my ADSL router emails me a security alert to warn of DOS (denial of service) attacks pointed at the WHS at 192.168.1.100 port 18837. Example below:

UDP Packet - Source:180.71.23.48,18122 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:82.5.1.137,6881 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:58.114.228.52,24491 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:217.164.186.23,43927 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:113.199.207.196,24997 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:79.191.149.175,29631 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:58.182.25.189,37847 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:91.185.113.186,29015 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:94.142.56.87,13524 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:110.14.236.88,51413 Destination:192.168.1.100,18837 - [DOS]

My home server has one system disk and three 500GB data disks in native mode that WHS is managing.

What should I do next?

I am considering putting in a new clean system disk and re-installing WHS, leaving the data disks in place. Will that remove the rootkit completely, or do I run the risk that whatever put it there is lurking somewhere on the data disks?

Or is there anything else that will remove the rootkit from the WHS?

Thanks
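A triage helper, added here as an example and not code from the post or from BleepingComputer, that parses alert lines in the router's format and, for each destination address and port, counts distinct source addresses and how many of them used a default BitTorrent client port (6881-6889, 51413). Many distinct peers sending UDP to one fixed high port is what inbound peer-to-peer traffic looks like, so it is worth ruling out before treating such alerts as a DoS; the sample lines are constructed from the post's own format.

```python
import re
from collections import defaultdict

# Constructed sample in the router's alert format (addresses copied from the post).
SAMPLE_ALERTS = """\
UDP Packet - Source:180.71.23.48,18122 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:82.5.1.137,6881 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:58.114.228.52,24491 Destination:192.168.1.100,18837 - [DOS]
UDP Packet - Source:110.14.236.88,51413 Destination:192.168.1.100,18837 - [DOS]
"""

# One alert per line: "<PROTO> Packet - Source:<ip>,<port> Destination:<ip>,<port> - [<TAG>]"
ALERT_RE = re.compile(
    r"^(?P<proto>TCP|UDP) Packet - Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[(?P<tag>[A-Z]+)\]$"
)

# Default listening ports of common BitTorrent clients (6881-6889 classic range, 51413 Transmission).
P2P_PORTS = set(range(6881, 6890)) | {51413}


def parse_alerts(text):
    """Yield one dict per well-formed alert line; malformed lines are skipped."""
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            alert["sport"] = int(alert["sport"])
            alert["dport"] = int(alert["dport"])
            yield alert


def summarize(text):
    """Per (destination, port): number of distinct sources and how many used a P2P default port."""
    groups = defaultdict(lambda: {"sources": set(), "p2p_sources": 0})
    for a in parse_alerts(text):
        key = (a["dst"], a["dport"])
        groups[key]["sources"].add(a["src"])
        if a["sport"] in P2P_PORTS:
            groups[key]["p2p_sources"] += 1
    return {k: {"distinct_sources": len(v["sources"]), "p2p_sources": v["p2p_sources"]}
            for k, v in groups.items()}


if __name__ == "__main__":
    for (dst, dport), s in summarize(SAMPLE_ALERTS).items():
        print(f"{dst}:{dport} <- {s['distinct_sources']} distinct sources, "
              f"{s['p2p_sources']} from BitTorrent default ports")
```

Run it against the full alert mail instead of the sample; a high distinct-source count on one port, especially with hits from P2P default ports, points at a torrent-style client on the host (or stale peer lists after one ran), which is a different finding from a flood aimed at the server.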
