Exchange 5.5, serious problem... 1

[Valier]

Hi all

We had some virus problem, an internet dialer called "delsim". After some work we managed to get rid of it, but after that we can´t send external mails. Incoming from outside senders works, and all internal mail works.
But nothing leaves the house.

We can also not connect to internet on the mailserver.
(all other clients can surf, though, and our other servers too) Internet Explorer starts, but will never show web page.

Internet surfing works in safe mode, but Exchange doesn´t run in safe mode of course.

Inside Exchange/connections/internet mail/ the "queue" tab only show a greyed out "queue-view".

Of course I haven´t made any changes in Exchange.
The "only" thing we did was to kill virus.

Where can we find the solution?
Where can I start?

Reinstalling Exchange with all patches and stuff is not my first option.

Please help

Mike, Stockholm.

 

[zbnet]

Sounds like this nasty really messed with your Exchange server. Are you sure you've completely removed all traces of its presence?

The simplest way to solve your existing problem would be to remove and then reinstall the IMS. Make sure you note down all the settings first.

 

[Valier]

Thanks zbnet, you are truly great.

That sounds easy, but how do I start?
Is it just the settings under "connections/internet mail service" that I need to note?
If I screen dump all the tabs - is that enough for everyting to be shown?

I think I remember that it´s easy to delete the service, is it as easy to create a new one?

Can it be something wrong with the routing?

Would it be possible to keep the old IMS connector, note everything down, and just delete field for field and rewrite the information, or do you think the connector is really bad and should never more be seen?

And, no, we don´t know that we really got rid of the virus, we don´t really know if it was the virus or the anti-virus did this to us.

 

[zbnet]

There are some IMS settings that are only set in the registry, so it depends on who set this up and how long ago, but most of them are pretty obscure (like ResolveP2), and easy to correct afterwards. Screen-shoting the tabs with config on them should get you back within 98% of the config.

If you want to play with routing before you blow the IMS away and recreate, I guess you've got nothing to lose.

If you do delete it, then recreating is pretty easy - adding a new IMS is as easy as File, New and picking the IMS option (from the New, Other option if I recall correctly), this runs an IMS wizard - although anything you put into the wizard can be changed on the config tabs later.

I'm tempted to say if you pay my flights, I'll come and set it up for you!! - Stockholm in June is quite a draw...!

 

[Valier]

We found that the "dial up connections" tab in IMS, and also the "connection" tab in Internet Explorer hangs the machine.
After all, it was a "dialer virus" we had, so it makes some sense.

So we started in safe mode and set the IMS service to manual, and voila; the surfing works even in normal windows mode without the IMS disturbing.
Actually, looking closer I see that IMS never starts completely, it´s just freezes on "starting"...
IMS is probably the bad guy here, as you said.
We´ll recreate the IMS soon. Let you know how it worked out.

Yep. Stockholm is great these days.
But I am still leaving for vacations in Los Angeles next week.

Mike

 

[Valier]

So, now we recreated the IMS, no sweat.
Everything kind of works now.
It´s still a bit unstable, I think.
And we arer still having some worms and stuff crawling around.

But now the mail is going through the normal way.

Thanks once again, zbnet

 

[fuego007]

You should try to get a copy of NAV for Exchange v2.18 somewhere and install it on this server. This should offer a better level of protection than you seem to have now. You aren't likely to get it from Symantec (or even a reseller0, but you might find one on ebay.

When all else fails, read the book!