

Server 2008 r2 with recovery Malware


1 reply to this topic

#1 Todd Getz


Posted 09 June 2011 - 08:03 AM

I have a client that in their infinite wisdom used their server to surf the internet and got the Windows Recovery Malware. I have removed the malware but now I am faced with the issue of all icons being hidden, including in the start menu and the administrative tools. On a workstation I would have just run ComboFix to resolve this issue. This is not an option to my knowledge on server. Can anyone provide some insight into how ComboFix is able to recover these files and how to do the process on Server 2008 R2? This is a Remote Desktop Services server with a very complex config, making a wipe and reload not really possible. I have now disabled web browsing on the server, hindsight and all that.



#2 jedfred


Posted 05 March 2012 - 01:37 PM

I have the same problem. I wish there was a way to boot from a clean boot, such as a USB drive or CD, see a RAID array, run ComboFix from there, and clean. If you have any solutions, let me know.



