I am running MS Small Businss server 2003 with Symantec Corporate Anti-Virus 10.0.My Watchguard Edge Firewall died 3 weeks ago and by the time I got the replacement I had been hacked and my server is now being used as a file server hosting a 800mb file which I cannot remover because I do not have access so it says. My antivirus has found a "Backdoor.Trojan" but it tells me it has been "left alone". Started in safe mode and ran it again but with no luck in removing it.Watchguard people tell me nothing can get through but I see the file being modified daily.I had access to the firewall one day and the next my password was not working. Strange. How can I remove the file and how can I remove the backdoor trojan?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Backdoor.Trojan has 2003 Small Business Server acting as a file server
- Thread starter tmaslanka
- Start date
erikhertzel
MIS
There are three products that I would recommend using to get rid of the pest. Read below. You may consider a format (back up your data first) and reinstall since this was a production server, I assume. But, that is up to you. Read below.
Also, try taking ownership and get admin access to the 800 MB file to delete it. Also, try this tool on it if that doesn't work:
Webroot Spysweeper
Download it here:
Webroot Spysweeper 14 day Trial
Update the defs and do a sweep.
Check out this nice product:
Super Antispyware
Update it and run and run a complete scan.
Also check this out:
Ewido download:
Update it and run a complete scan.
I would also check it with some other virus scanners just to make sure.
Best regards.
Erik
Also, try taking ownership and get admin access to the 800 MB file to delete it. Also, try this tool on it if that doesn't work:
Webroot Spysweeper
Download it here:
Webroot Spysweeper 14 day Trial
Update the defs and do a sweep.
Check out this nice product:
Super Antispyware
Update it and run and run a complete scan.
Also check this out:
Ewido download:
Update it and run a complete scan.
I would also check it with some other virus scanners just to make sure.
Best regards.
Erik
tmaslanka, if you haven't already solved your problem try the following:
Block outgoing traffic from the server to any other location, do this at the firewall. If the Trojan is initiating the connection to an external machine, your inbound rules won't do much to help you. You'll only need to do this until you manage to get rid of the Trojan.
Once that is secured, try downloading a Norton update on another machine with internet access and transfering it to the server. Make sure Norton is up to date and then run a full scan. If you have no success with Norton, try out a free trial of Grisoft's AVG (
Hope you have some luck.
Russell.
Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
Block outgoing traffic from the server to any other location, do this at the firewall. If the Trojan is initiating the connection to an external machine, your inbound rules won't do much to help you. You'll only need to do this until you manage to get rid of the Trojan.
Once that is secured, try downloading a Norton update on another machine with internet access and transfering it to the server. Make sure Norton is up to date and then run a full scan. If you have no success with Norton, try out a free trial of Grisoft's AVG (
Hope you have some luck.
Russell.
Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
porkchopexpress
IS-IT--Management
Als try these two free apps to track down what is accessing the file.
Filemon
Process Explorer (This gives detailed info on what processes are accessing which files)
Filemon
Process Explorer (This gives detailed info on what processes are accessing which files)
check this out. Symantec may have help on their site.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question