Windows 2003 Server Infected

Discussion in 'Malware Help (A Specialist Will Reply)' started by livetechsupport, Jan 27, 2009.

  1. livetechsupport

    livetechsupport Private E-2

    I have been working on a Windows 2003 server recently that was infected badly.
    I have removed all of the malware from the machine.
    I have run virtually every piece of anti-virus and spyware I could find. I still have one little problem.
    When I try to go to Windows Update or any antivirus site on the server, it fails to resolve on the DNS.
    So no problem, I just put in the IP address... it's blocked too.
    I don't understand it because my DNS servers are as they should be (so no DNS hijack).
    There are no processes running on the machine that would cause this; I've gone through everything with a fine-tooth comb.
    Any help or suggestions would be appreciated.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This we cannot comment on unless you run our cleaning procedures and attach the logs we request. See the READ & RUN ME sticky.


    Do you have a router or cable/DSL modem/router in the loop? If so, reset it back to factory defaults and then reconfigure it for your network and see if that helps.

    What are you using to look for processes?
     
  3. livetechsupport

    livetechsupport Private E-2

    Yeah, some of the READ & RUN doesn't like Server 2003.
    I use Process Explorer to look at all the processes and the DLLs they are calling.
    I can't really just reset the router or anything to factory default, as this is a network with about 10 other machines that are running fine.

    I'll see if I run the tools again.

    Mark
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure that is true. I believe everything runs on Windows Server with possibly the exception of ComboFix.

    If other PCs are not being impacted then the router is more than likely okay.


    Good that you are using Process Explorer, as Task Manager is unreliable.
     
  5. livetechsupport

    livetechsupport Private E-2

    Well, I ended up reformatting the server, but I did find a way to re-enable my network:
    Right-click My Computer
    Click Manage
    Go to Services
    Right-click DNS Client, then Stop

    My internet was working fine, but with all that server had been through we decided to reformat it anyways.

    Thanks for your help though!

    Mark
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
