Infected Server Cannot get to Antivirus Support Sites

  1. #1
    Registered User
    Join Date
    Mar 2006
    Posts
    181

    Infected Server Cannot get to Antivirus Support Sites

    Greetings

    I have a domain controller file server running Server 2003 R2. It was hit with what is being called the Beebone trojan. It was apparently introduced to this school server via a student's USB flash drive. I have been able to run Malwarebytes and Spybot and they have found and cleaned some parts out, but there is still a lot of damage. My first issue is not being able to access sites such as AVG, Avast, Symantec or even Microsoft updates. These sites are obviously being blocked by the infection.

    I am at my wits' end on how to get this server to these sites so I can load some server antivirus software.

    Can anybody give me any pointers? Until I get this resolved the school is pretty much dead in the water.

    Thanks

    Chris

  2. #2
    Registered User Ferrit's Avatar
    Join Date
    Apr 2001
    Location
    Vancouver Island The Real Canada
    Posts
    4,952
    Can't you run antivirus off a USB stick?
    Many run off of that.
    http://www.techrepublic.com/blog/fiv...all-times/1572
    Are you the administrator?
    What antivirus is on the server to start with?
    Sometimes you can also use a portable browser to go to the AV sites.
    http://portableapps.com/apps/internet/firefox_portable
    Last edited by Ferrit; May 14th, 2013 at 10:07 AM.
    Gigabyte 990FXA-UD3
    AMD FX 8350 4ghz OCTO-Core
    Windows 8.1 PRO 64
    Adata 256 gig SSD
    Kingston HyperX 1600 16 Gigs
    Sapphire R9 280 2gig
    Enermax Liberty Modular 620
    www.northernaurora.net
    http://www.northernaurora.net/page/chat.html

  3. #3
    Registered User
    Join Date
    Mar 2006
    Posts
    181
    I hadn't thought of that as I have never tried that. I will read through the link you sent.

    Yes I can login as admin.

    Thank you for such a prompt reply

  4. #4
    Registered User Niclo Iste's Avatar
    Join Date
    Oct 2007
    Location
    Pgh, PA
    Posts
    2,051
    You could also try the Kaspersky Rescue Disk which I think can be both USB or CD.

    I also suggest using a rootkit removal utility such as the one provided by Malwarebytes.

    Finally, I personally like using the Emsisoft Rescue Kit's command line scanner to do a follow up scan in safe mode.
    One Script to rule them all.
    One Script to find them.
    One Script to bring them all,
    and clean up after itself.

  5. #5
    Registered User
    Join Date
    Mar 2006
    Posts
    181
    Thank you all

  6. #6
    Registered User nunob's Avatar
    Join Date
    Oct 2002
    Location
    Washington
    Posts
    597
    Most likely with this variant other malware is being downloaded and installed as well. I would start by making sure you have a backup of the data before proceeding.

    First, here is a list of rootkit scanners you can download and burn to CD or USB. - http://www.northernaurora.com/page/a...ools-links-r18

    Next, here is a list of bootable CDs you can build on a functioning PC. - http://www.northernaurora.com/page/a...e-cds-list-r72

    And then a list of online scanners and free tools you can do the same with. - http://www.northernaurora.com/page/a...ools-links-r17

    Finally, a list of spyware tools. - http://www.northernaurora.com/page/a...ools-links-r19

    When you run the scans, make sure the tools are updated to the newest versions you can get and run FULL SCANs, not the QUICK or FLASH SCANs.

    You will likely want to run some of the scans a few times to make sure the server is clean. Once you are relatively confident it is clean, you need to uninstall all unnecessary programs, install a full antivirus program, and update all of the remaining software to the newest versions, including Windows. You may want to research Group Policy and consider whether you want students plugging flash drives into PCs or not. I personally consider them a Bring Your Own Device sorta unit that I can't ensure is not infected, so I prevent them from doing anything on any PCs or servers in our domain. At minimum you may want to get Auto Run disabled on the PCs.

    Post back your results and good luck.
    Last edited by nunob; May 14th, 2013 at 11:04 AM.
    Can't never did anything except whine about what he couldn't do.
    Do, or do not. There is no try.


    http://www.northernaurora.com/page/index.html
    http://www.northernaurora.com/page/chat.html Free Chat
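
    The AutoRun hardening recommended in post #6, as an added example that is not part of the original thread: a PowerShell sketch that reports which drive types have AutoRun disabled by policy on a machine and sets the policy for all of them if any is still open. It assumes PowerShell 3.0 or later and an elevated session; in a domain the same `NoDriveTypeAutoRun` value would normally be pushed through Group Policy rather than set per machine.

```powershell
# Added example (not from the thread): audit and enforce the AutoRun policy.
# NoDriveTypeAutoRun is a bitmask; a set bit disables AutoRun for that drive type.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'
$AllDrives = 0xFF   # every bit set: AutoRun off for all drive types

$DriveTypeBits = [ordered]@{
    'Removable (USB flash)' = 0x04
    'Fixed disk'            = 0x08
    'Network share'         = 0x10
    'CD/DVD'                = 0x20
    'RAM disk'              = 0x40
}

function Get-AutoRunPolicy {
    # Returns one row per drive type: is AutoRun disabled by the machine policy value?
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    # A missing value means no policy is set and the OS default applies.
    $mask = if ($item) { [int]$item.$ValueName } else { $null }
    foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        [pscustomobject]@{
            DriveType        = $entry.Key
            DisabledByPolicy = ($null -ne $mask) -and (($mask -band $entry.Value) -ne 0)
        }
    }
}

function Set-AutoRunDisabled {
    # Creates the policy key if needed and writes the all-drives mask.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value $AllDrives -Type DWord
}

# Report the current state, then enforce only if some drive type is still open.
Get-AutoRunPolicy | Format-Table -AutoSize
if (Get-AutoRunPolicy | Where-Object { -not $_.DisabledByPolicy }) {
    Set-AutoRunDisabled
    Get-AutoRunPolicy | Format-Table -AutoSize
}
```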

  7. #7
    Registered User
    Join Date
    Mar 2006
    Posts
    181
    Again, great thanks all. I am off to work on it soon and will write back.

    Chris

  8. #8
    Registered User
    Join Date
    Mar 2006
    Posts
    181
    Thank you all, after a 9 hour battle I (we) won. Server back online and clean.
