-
May 14th, 2013, 09:55 AM
#1
Infected Server Cannot get to Antivirus Support Sites
Greetings
I have a domain controller file server running server 2003 r2. It was hit with what is being called the beebone trojan. It was apparently intriduced to this school server via a students usb flash drive. I have been able to run malwarebytes and spybot and they have found and cleaned some parts out but there is still a lot of damage. My first issue is not being able to access sites such as AVG, Avast, Symantec or even Microsoft updates. These sites are obviously being blocked by the infection.
I am at my wits end on how to get this server to these sites so i can loads some server anti virus software.
Can anybody geve me any pointers? Until I get this resolved the school is pretty much dead in the water.
Thanks
Chris
-
May 14th, 2013, 10:00 AM
#2
Registered User
Cant you run antivirus off a USB stick?
Many run off of that.
http://www.techrepublic.com/blog/fiv...all-times/1572
Are you the administrator?
What antivirus is on the server to start with?
Sometimes you can also use a portable browser to go to the av sites.
http://portableapps.com/apps/internet/firefox_portable
Last edited by Ferrit; May 14th, 2013 at 10:07 AM.
-
May 14th, 2013, 10:02 AM
#3
I hadn't thought of that as I have never tried that. I will read through the link you sent.
Yes I can login as admin.
Thank you for such a prompt reply
-
May 14th, 2013, 10:20 AM
#4
Registered User
You could also try the Kaspersky Rescue Disk which I think can be both USB or CD.
I also suggest using a root kit removal utility such as one provided by malwarebytes.
Finally, I personally like using the Emsisoft Rescue Kit's command line scanner to do a follow up scan in safe mode.
One Script to rule them all.
One Script to find them.
One Script to bring them all,
and clean up after itself.
-
May 14th, 2013, 10:35 AM
#5
-
May 14th, 2013, 10:52 AM
#6
Registered User
Most likely with this variant that other malware is being downloaded and installed as well. I would start by making sure you have a backup of the data before proceeding.
First here is a list of Rootkit Scanners you can download and burn to CD or USB. - http://www.northernaurora.com/page/a...ools-links-r18
Next here is a list of bootable CD's you can build on a functioning PC. - http://www.northernaurora.com/page/a...e-cds-list-r72
And then a list of online scanners and free tools you can do the same with. - http://www.northernaurora.com/page/a...ools-links-r17
Finally a list of Spyware tools. - http://www.northernaurora.com/page/a...ools-links-r19
When you run the scans make sure the tools are updated to the newest versions you can get and run FULL SCAN's, not the QUICK or FLASH SCAN's.
You will likely want to run some of the scans a few times to make sure the server is clean. Once you are relatively confident it is clean you need to uninstall all unnecessary programs, install a full Antivirus program, update all of the software remaining to the newest versions including Windows. You may want to research Group Policy and consider if you want students plugging flash drives into pc's or not. I personally consider them a Bring Your Own Device sorta unit that I can't insure is not infected so I prevent them from doing anything on any pc's or servers in our domain. At minimum you may want to get Auto Run disabled on the PC's.
Post back your results and good luck.
Last edited by nunob; May 14th, 2013 at 11:04 AM.
-
May 14th, 2013, 11:42 AM
#7
Again great thanks all. i am off to work on it soon and will write back.
Chris
-
May 15th, 2013, 11:08 AM
#8
Thank you all, after a 9 hour battle I (we) won. Server back online and clean.
Similar Threads
-
By Skywalker93 in forum Spyware & Antivirus - Security
Replies: 2
Last Post: September 13th, 2007, 11:10 PM
-
By ilovetheusers in forum Tech-To-Tech
Replies: 8
Last Post: July 10th, 2003, 04:05 PM
-
By amp10000 in forum Networking
Replies: 13
Last Post: January 9th, 2003, 01:36 AM
-
By Skywalker93 in forum Spyware & Antivirus - Security
Replies: 4
Last Post: July 8th, 2001, 01:44 AM
-
Replies: 1
Last Post: August 14th, 2000, 11:05 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks