
SBS03 Server Infected


1 reply to this topic

#1 Psyotik

Posted 16 January 2013 - 03:36 PM

We just picked up a new client and they are very small. A single SBS03 server with 2 workstations.

They are all infected. I was able to back up all of the data from the server and workstations, disconnected them from the network and ran ComboFix, TDSSKiller, MBAM, MBAR, AdwCleaner, etc., and they appear to be running great.

However, with this server we are a little worried since we do not have a good image, or any of the software required for a reinstall. Nor does the client have the money to pay us for a reinstall and configuration of this server.

I have run MBAM on the server and it only returned a few regkey infections. I have also run TDSSKiller and it claims the sbscrexe.exe file in the C:\Windows\System32 folder is infected.

We have not run any other scans on the server for fear that it will not boot after removal. I am also unable to run DDS because this is a server.

Thoughts?


#2 dev00790

Posted 17 January 2013 - 04:15 PM

Company Computers

Since this is a company computer, you may need to obtain permission to carry out the steps I give to you. We will be making system-wide changes to this computer which may be against your company's IT policy. Such action may result in disciplinary action being taken against you. I must stress that I, in no way, accept liability for this or for any unforeseen eventuality as a result of the instructions I give you (including, but not limited to, data loss).

In addition, if your company has an IT support infrastructure I urge you to contact them to resolve your issue - it's what they're paid to do; whereas I volunteer.

In order to continue to receive my help I would like you to confirm that you have the authority to work on the PC and that you accept my conditions.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.