Windows 2003 Server was affected by Trojan

  • Question

  •  

    It is suspected that a hacker logged in to my Windows 2003 server. Two infected files named "server.exe" and "server[1].exe" under C:\DOCUME~1\ts\ and C:\DOCUME~1\ts\LOCALS~1\TEMPOR~1\Content.IE5\XBSQZD2U\ were deleted by Symantec Antivirus software. According to the records shown in Threat History, one executable file "smss.exe" and two log files "wmsetup.log" and "OEWABLog.txt" under C:\Windows were updated and recorded some unusual activity at exactly the same time the hacker gained access to the system. After that happened, I failed to connect remotely to the server through Remote Desktop "mstsc.exe" from a PC workstation. Does anyone know what caused this problem and how to restore it?

    I would very much appreciate any help with my problem.

    Thanks!

    August 21, 2008 10:08 AM

Answer

  • To clean up the machine, I would suggest you install Windows 2003 Server. If you are using it as a web server, I would suggest you secure the server next time.

    You may consider installing a firewall client to protect the server, along with antivirus, so you can ensure the server should be virus free.

    September 22, 2008 1:01 PM

All replies

  • Maybe the hacker changed the file. What is your server's purpose? I think you must review why the server was affected. I think you were affected because you are using this server to go to the internet. Isn't it?

    August 23, 2008 3:46 PM
  •  

    Yes, the server is serving on the internet. I have scanned through the C drive and found that certain files were updated, as mentioned before; after that it was unable to respond to remote desktop requests. The updated files were restored from backup, but remote desktop still fails. What would you recommend doing to restore remote desktop? Restore any Windows-level files (e.g. dll???) or reinstall Windows Server 2003? Please help!!!

    August 25, 2008 10:37 AM