-
Nov 9th, 2005, 08:12 PM
#1
Small business server - argh!
We lost our small business server last week - got a trojan infection - which turned our exchange into a spam-sender and got our static IP address blocked - a real nightmare!
At any rate - my first step to correcting this was to get my ISP to host our e-mail - which they successfully pulled off today. Now my e-mail is out-of-house, which is a real relief.
Now the server - it's destroyed - the trojan/virus has killed it. Can't run norton (it simply freezes), can't install anything - 1600+ event logs each day. We think it's all OS/driver/software related - but also suspect that our "WAN-side" NIC is dead. At this point we have lost our internet connection at the office. The old configuration was DSL->CISCO 827 MODEM->NIC CARD on server. Second NIC card on server was connected to the LAN switch in the office...
So tomorrow, I'm thinking my next important step is to get a new DSL modem (don't know if the old CISCO 827 is dead or not - but it's old) and a new LINXUS router.
Once we get the LINXUS router and new modem in place, give the router the appropriate IP address and tell our ISP the MAC address, plug the switch into the router, the office should be back on the internet (only about 6 or so workstations).
This is stretching my hardware and network abilities a real lot - I'm really just a software guy...
Losing internet access has stopped me from being able to service my customers...
Now the server - we are thinking of nuking it and putting Win 2003 on it - it's got SBS 2000 right now. That was a priority 3 days ago, but with the e-mail being outside now and the potential for us to get internet access through a router/modem, that has dropped down the list.
So - at any rate - I am way outside my comfort zone on all of this...
Does anyone have any opinions on any of this??
-
Nov 9th, 2005, 08:15 PM
#2
Re: Small business server - argh!
Have you tried safe mode without networking, and just run Norton?
Or any other tool for that matter, you might get lucky.
I bet you've already tried to no avail though.
-
Nov 9th, 2005, 08:37 PM
#3
Re: Small business server - argh!
We actually could run a virus scan on the server from one of the workstations - takes 10 hours! I'm actually running one tonight - but I don't have a lot of confidence.
But I think in the long run that's what killed the server. The netsky/licum virus was so attached to so many .EXE's that couldn't get cleaned, that those exe's are now destroyed. Two weeks ago I actually found someone RDP'd into the server - so we were definitely compromised in a serious way.
Tried installing AVG - but it won't install on the server - seems the registry is so messed up that nothing will install.
Couldn't even install DSET - the DELL diagnostic tool that the DELL guy wanted us to use to report on what hardware might be damaged.
I'm almost afraid to burn CD's and DVD's of the important stuff on this server to re-install after we nuke it. I certainly never want to experience this kind of pain again...
-
Nov 9th, 2005, 10:24 PM
#4
Re: Small business server - argh!
I'd say burn the CDs or DVDs as your backup of your data. Then a fresh install after a low level format of all the drives, unplug the server from the power for a while, remove the motherboard battery (maybe), and remove the ram too. Then after you get it all installed again before you restore the data, run a virus scan and make a backup ghost image of the OS install just in case. It's a lot faster to reformat your drive and restore the entire drive from your backup hd image. Then do a virus scan of the CD data and if it's clean copy it over. If it's not and it brings down the system or a virus is found then wipe the system clean and restore but what to do about the infected data? Maybe try to copy it to a test workstation's hd that has norton or mcafee, clean the data if possible and then restore the cleaned data back to the server.
Do you have the enterprise version of norton for the server? It's the only version that can run on the server.
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum. 
Microsoft MVP 2006-2011
Office Development FAQ (C#, VB.NET, VB 6, VBA)
Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6 
-
Nov 9th, 2005, 10:50 PM
#5
Re: Small business server - argh!
Is there a free version of AVG that runs on a W2K server? Got a link?
-
Nov 9th, 2005, 10:54 PM
#6
Re: Small business server - argh!
I remember reading about it when I had that thread on antivirus' and AVG was not free for the server version.
-
Nov 9th, 2005, 10:57 PM
#7
Re: Small business server - argh!
DO NOT DO A LOW LEVEL FORMAT! You'll more than likely screw up your hard drive(s). A standard format will be sufficient.
Ok do you have any backups? (Tape etc.) If not you might want to invest in one.
I’d agree that blowing away the server and starting again is a good idea, that way you're sure it’s gone and it also clears out all the win-rot which will make it run faster.
I’d suggest you also scan all of your workstations in case the virus has spread, and to stop them getting infected I’d disconnect your server from the network.
For the future:
If you don’t have it already you need regular backups, and take them off site! Imagine if there was a fire.
Run windows update regularly.
Set up a firewall at your router and only open ports that are needed.
BTW: If you need any help with this stuff I'll be more than happy to help you out.
TPM
Add yourself to the VBForums Frappr Map!!
-
Nov 9th, 2005, 11:05 PM
#8
Re: Small business server - argh!
A low level format will not harm the hd as it only sets the drive with all zeros "0" as the state the hd is in when you purchase it new.
-
Nov 9th, 2005, 11:47 PM
#9
Re: Small business server - argh!
RobDog - yes, we have NORTON CORPORATE - but it's old - version 7 - and symantec won't support us when we call with "why is it frozen and won't scan the server". So I guess I'm off to purchase SYMANTEC CORP VERSION 11 (I believe that's the new version). Symantec was saying that was a $700 product - I'm sure I can find it cheaper somewhere...
I'm planning on a re-partition of the raid array - the C: drive was setup as only a 7 gig partition and that's too small (Dell suggested twice that size).
The really important stuff on the server is my SOURCE SAFE folders (which appear to work fine still) - and some user folders. I'll burn them all to CD or DVD in the next day or so. There are 1000's of e-mails in EXCHANGE - I guess I'll make .PST files of those, since we are not going to install EXCHANGE on this box ever again.
Why do you say to open the box and mess with battery and ram? I'm thinking that pulling the "possibly" bad "WAN-side" NIC card is a good idea.
TPM - we do have a backup scheme. We have a 100/200 GB tape backup system that has a 10-tape cycle. Week 1, M through F and Week 2, M through F. Unfortunately VERITAS BACKUP EXEC stopped working as well - about a week or so ago. So, I do have tapes that I can restore important files from at any time. I guess I'll buy 10 new tapes and the current ones will be archived forever as "before the infection" copies (they are a couple of years old, so probably getting tired anyway). They come home to my house every night - off-site backup is the most important thing you can do in a development shop (we are right upstairs from a late-night coffee shop - but also across the street from a fire house!).
We have NORTON on every workstation - and it runs every night for a local scan - found nothing on the workstations.
I was told that a good LINXUS router would serve as a reasonable firewall - do you think that I need more than that??
Rob - you just did a Win 2003 server install - was it fast and easy?
-
Nov 9th, 2005, 11:53 PM
#10
Re: Small business server - argh!
I was thinking of the ram pull in case your virus was a memory resident one. Being reseated should clear the modules of anything that's in there.
I installed the full version of 2003 Server and not SBS. It was about as easy as it could be as I am not a server or network guy. I am in the process of upgrading another system so I will have 3 systems of decent strength so I can install VSTS on them as it requires a minimum of 3 physical systems to install.
Try checking that thread I did on 2003 if you want to get some inside info before you start.
-
Nov 10th, 2005, 12:35 AM
#11
Re: Small business server - argh!
 Originally Posted by RobDog888
A low level format will not harm the hd as it only sets the drive with all zeros "0" as the state the hd is in when you purchase it new.
No, a standard format does that. A low level rewrites the drive tables which is a last resort, in fact a lot of the time you won't even be able to do it.
TPM
-
Nov 10th, 2005, 12:37 AM
#12
Re: Small business server - argh!
 Originally Posted by szlamany
I was told that a good LINXUS router would serve as a reasonable firewall - do you think that I need more than that??
I'm sure it will be fine as long as it's configured correctly.
TPM
-
Nov 10th, 2005, 12:56 AM
#13
Re: Small business server - argh!
It's LINKSYS, btw.
(A division of CISCO)
Last edited by dglienna; Nov 10th, 2005 at 01:04 AM.
-
Nov 10th, 2005, 07:50 AM
#14
Re: Small business server - argh!
 Originally Posted by RobDog888
I was thinking of the ram pull in case your virus was a memory resident one. Being reseated should clear the modules of anything that's in there.
RAM is cleared every time the computer is powered down, so, can anyone explain to me how RAM could be infected?
-
Nov 10th, 2005, 03:02 PM
#15
Re: Small business server - argh!
So...
I've got the new modem/router - nice little ZOOM X6.
Called my ISP - gave it the MAC address - seems to work fine. My new laptop has no problem getting on the internet.
Other workstations in the office cannot connect to the internet. I can ping addresses from the CMD prompt like WWW.BU.EDU - so I know that addresses are being resolved - it's just that I cannot actually open a window in IE...
Error it gets is INTERNET EXPLORER CANNOT OPEN THE SEARCH PAGE - in a pop up.
I've looked at every setting I can think of...
-
Nov 10th, 2005, 03:06 PM
#16
Re: Small business server - argh!
Did you set/update the default gateway in DHCP?
TPM
-
Nov 10th, 2005, 05:49 PM
#17
Re: Small business server - argh!
After much clawing and gnashing of teeth - it was ISA client software running on the workstations that was not allowing those boxes out on the new router...
At this point my workstations are back on the internet - we can RDP and VPN into customer machines - life is much better today than yesterday
BTW - I scanned the server last night (from a workstation) and it once again found about 30 or so trojans...
Now I have to start zipping up important files on the old SERVER - put them onto some machine that can burn DVD's and think about creating a Windows 2003 server. We won't even consider connecting the old server to the new router...