Removing virus from infected server

[dcbrohuss]

What's the easiest method for cleaning a virus from an infected server? I want to boot from a floppy and run an antivirus program to clean the drives. How can I do it? The partitions are ntfs. Is there a util that will allow booting from a floppy and access to the command prompt to launch an antivirus app?

 

[Zelandakh]

Which virus have you got?

 

[age]

depending on the virus, the answer to this is often reinstall the whole server.... code red and the like leave backdoors open, which most anti virus companies are pretty vague about whether or not their products actually remove these.....

 

[yizhar]

HI!

What ever way you use to get rid of the virus, don't forget to install the SRP from Microsoft web-site to avoid re-infection.

http://www.microsoft.com/ntserver/sp6asrp.asp

Make sure that IIS is disabled until you fix all and install patches.
It is also highly recommended to disconnect the server from the LAN until cleaned and patched.

For the NIMDA virus, many AV vendors have a specific removal utility and instructions. if you're not going to re-install (which is recommended as mentioned above) then use the removal tool and verify you don't have drive C wide open.

http://www.sarc.com/avcenter/venc/data/w32.nimda.a@mm.html

One of the problems removing NIMDA is it's high reinfection rate using different techniques. So go one by one on your servers and clients, connecting only clean and patched machines to the network.

Bye
Yizhar

Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar