Hello there!
Dear analysts, my server (Windows Server 2003) is severely infected by malware.
I hope you can help me out with this issue.
I'll be waiting for your prompt reply.
Regards,
Hello.
As far as I can see there is nothing harmful in your log. There are some suspicious files, so if you want them to be checked, please execute the script below. [b]Attention![/b] Your system will be restarted, so close all applications and clear all connections with your SQL server before executing it.
[code]
begin
 // Scan for rootkit hooks and enable AVZGuard before touching any files
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Copy each suspicious file to quarantine for analysis
 QuarantineFile('c:\sality mission\pack3\sality_off.exe','');
 QuarantineFile('C:\Documents and Settings\Administrator.METROEUROPA.000\WINDOWS\System32\smss.exe','');
 QuarantineFile('C:\Documents and Settings\Administrator.METROEUROPA.000\WINDOWS\system32\DRIVERS\57488671.sys','');
 QuarantineFile('C:\Documents and Settings\Administrator.METROEUROPA.000\WINDOWS\system32\DRIVERS\32943243.sys','');
 QuarantineFile('C:\Program Files\Common Files\Borland Shared\BDE\SQLMSS32.DLL','');
 QuarantineFile('C:\KK_v3.4.7\KK.exe','');
 QuarantineFile('C:\CorporeRM\API\CPConnect.dll','');
 QuarantineFile('C:\CorporeRM\API\RMPlanilha.dll','');
 QuarantineFile('C:\WINDOWS\System32\smss.exe','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\57488671.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\32943243.sys','');
 // Hand the quarantine list to Boot Cleaner so the files are also collected at boot
 BC_ImportquarantineList;
 BC_Activate;
 // Restart the system
 RebootWindows(true);
end.
[/code]
After the restart, upload the quarantine via the link [url]http://virusinfo.info/upload_virus_eng.php?tid=50163[/url] as described in app. 3 of [url=http://virusinfo.info/showthread.php?t=9184]the rules[/url]. And please, could you tell us more about your problem?