Server infected



#1 tg45


Posted 23 January 2014 - 11:01 AM

I recently started a position as IT Admin at a medium-sized business. The business had been operating as a break/fix kind of IT environment, so it is a bit of a mess. They have mostly moved to virtual servers for their applications, but there is a local server that is in rough shape. It is running Windows Server 2003 Standard x86. The OS corrupted itself because it was in a 10GB partition with only 100MB left. I have changed the partition size, but I have not been able to completely repair the OS. sfc /scannow seems to do its job, but it always has to look for files on the install disc in the same place (I do have the disc). I have not yet tried to repair via booting to the disc. I would just do a wipe and reload, but they no longer have the application install disc and license for the application they use the server for. But now to the problem I need help with.

 

Our ISP has been telling us that we are sending spam. When we disconnect the server, no more spam is sent. The server will not boot to safe mode; it will try, then reboot. I have run Malwarebytes (nothing found), Kaspersky TDSSKiller (nothing found), SUPERAntiSpyware (Malware.trace found in registry), and HitmanPro (6 threats and a couple of suspicious entries removed, sorry I didn't pay more attention). HitmanPro now finds nothing, but when we reconnect the server, we get the spam messages. What step should I take next? Should I try and repair the server so I can boot to safe mode? Should I try booting to a rescue disc like Kaspersky?


