Window 20003 Server was affected by Trojan
問題
-
It was suspected that a hacker login to my Windows 2003 server, two infected files named "server.exe", "server[1].exe" under C:\DOCUME~1\ts\ and C:\DOCUME~1\ts\LOCALS~1\TEMPOR~1\Content.IE5\XBSQZD2U\ were deleted by Symantec Antivirus Software. According to the records shown on Threat History, it was found that one executable file "smss.exe" and two log files "wmsetup.log" and "OEWABLog.txt" were updated under C:\Windows recorded some unusual activities at exactly same time when the hacker got access right to the system. After that happened, I failed to remote the server through Remote Desktop "mstsc.exe" from a PC workstation, anyone know what caused this problem and how to resume it?
Very appreciate to see any help for my problem.
Thanks!
