Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win32.pmax on sever 2003


  • Please log in to reply
1 reply to this topic

#1 endythegreat

endythegreat

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:09 PM

Posted 08 November 2011 - 10:45 AM

Tdsskiller detects but does not remove. I've seen this on PC's and had to reload them. I have an acronis backup device which I already restored the C: drive to an earlier date. This did not solve the issue. Any idea on how to manually remove this? The infection causes malwarebytes and any other virus removal tool besides tdss to crash in a matter of seconds. The example process running which is a system process and can't be stopped is 3423423545:3243.exe

All random numbers. Has anyone successfully seen and removed this from server 2003?

BC AdBot (Login to Remove)

 


#2 endythegreat

endythegreat
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:09 PM

Posted 08 November 2011 - 10:58 AM

Just more info server is running sbs 2003. I really would like to not have to nuke and reload this box. Anybody have any info on how this thing infects as well? When I did do the restore it was fine until after a reboot. Malwarebytes ran, found 20 items. After the reboot the rootkit re-appeared.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users