
Server Longhorn:



Guest Reimar
Posted

Got infected with some Spy on Windows Server "Longhorn"!

There is some prog showing up named vexga8me6, which may be the Trojan.Downloader.Delf.AM! The effect is that the OS keeps restarting and you can run in Safe Mode only to clean up, if a cleanup is possible anyway!

Searching on the net for a solution this morning, it looks like this is a very sad and bad infection, and very difficult to clean as well!

I am working on this right now, and maybe someone here has some experience with it also. Any info will be appreciated, thanks.

Within the research this morning I came to an anti-virus program which is running right at the moment and has found a lot of Trojans (diff.) already! And I run the comp in Safe Mode!

The name of this prog is Cureit and you can get the free version here! The advantage of this special freeware is that it doesn't need to be installed and runs on all systems, including Server OS!

Take a look at the website, where you can also read: "...This utility can quickly clean an infected system, but it is not a permanent tool to cure your computer in case of infection. Its distribution on our web-site is always armed with the hottest add-ons to the Dr.Web virus database, but it does not include the Dr.Web Automatic Updating utility. Dr.Web CureIt! stays actual until the next release of the add-on. To scan your computer with the most up-to-date Dr.Web virus databases next time you should download new Dr.Web CureIt! package"

All other software for cleaning that I have or downloaded needs to be installed, and nearly all do not work with Server OS!

Again, any info will maybe help me to clean up the system.

Thanks!

Posted

Unfortunately Dr Web's record for missing viruses is on par with AVG and some of the other low scoring AVs in lab tests.

Nod32 Kills this one. Get the 30 day trial and it should kill it off.

Guest Reimar
Posted (edited)
Nod32 does not work on server OS, I have tried it already! :o

Just at the moment I have to try which ones can run on Server OS in Safe Mode! And there is not much available! Dr.Web IS!

Edited by Reimar
Guest Reimar
Posted
You try the server edition?

http://eset.com/products/workgroups.php

You need to do a boot scan I think.

Thanks cndvic, but unfortunately I can't download a Trial Server Version from ESET! The version I have, incl. 2003, does NOT work on Server Longhorn!

The scan from Dr.Web has just finished. Result: 35 more infections!

The scan from NOD32 on the different comp (took the HDD from the server to an XP comp) deleted 71 infections. After that CounterSpy deleted another 27 infections. The third, PREVX1, deleted 39 more and now Dr.Web 35!!

Not bad, not bad!!

Maybe I need to format! But first I'll try to get it back to work, it's just a Test-Server anyway!

Guest Reimar
Posted

cndvic:

Looks like the server works now, no more errors and all scans are clean! Maybe Dr.Web works a bit better as it should(!) be?!

Could you just do me a favour? Log on to my server and check out the connection and security? Thanks a lot.

Look at your Message Box, I will send you the username and password there.

Thanks again.

Posted
Invalid username/password

Guest Reimar
Posted
I checked via local connection, works fine! Will try by dial-up because I have only 1 ADSL here and have to use dial-up for the connection to the existing system if I would like to check the connection via a phone line.

But the username and password I sent by PM work for local!

Will keep you informed.

Thanks

Guest Reimar
Posted

Hi cndvic,

Just checked via dial-up: OK! And via a friend: OK

Could you please check again?

Thanks

Reimar

Guest Reimar
Posted
Invalid username or password. Please click here to try again.

Hi cndvic,

There's something I do NOT understand:

1. Logon via dial-up from a laptop: OK

2. Logon via a friend's network: OK

3. Logon via a remote computer on a diff. network: OK

I can access all accounts without any problems!

Did you type the logon correctly, in ALL small letters?

Can you also try: down and down + test1 and test1

Thanks and cheers

Reimar

Posted

The others work smoothly, but mine still is invalid.

Maybe the server has heard of me from other web apps, and thinks I'm a jerk :o

Guest Reimar
Posted
Thanks a lot! I've seen you were online because of the IP!

Question: What keyboard do you use? Because the display at ThaiVisa is also wrong! Maybe that's the problem?!

If I log on I can go through at all! So, it isn't a problem with name and password!

But again, thanks a lot, and the server is back online and works!

Maybe you should check out DrWeb, because after I used that prog I was able to start the server normally. Maybe they improved a lot. But the good feature of that prog is that it can run from a USB stick as well, and even on Server OS and in Safe Mode. Both are very useful, I do believe.

Cheers

Posted

That did not take too long before they got to the newest version of Microsoft server. Why do these people do this? Can they not find anything better to do with their computer know-how.....

Posted

I'm curious as to how it got infected that badly. I haven't had half that many warnings in the past four years, let alone any infections. What are people doing with that server?
