Re: Virus Problems......


From: Dave Nickason [SBS MVP] (gwdibble_at_NOSPAM.frontiernet.net)
Date: 03/18/04


Date: Thu, 18 Mar 2004 10:29:32 -0500

I'd probably start by disabling your Internet connection to prevent any more
infected files from moving out from your server (or in). You need to use
your Exchange AV scanner to get rid of this if it's showing up on the M
drive - as they've said, you can't run the ordinary file system scanner on
M. You need to scan/clean your Exchange databases, since that's where the
virus is, using the Exchange portion of your AV software.

Some of these viruses use their own SMTP engine, and some use Exchange.
That's why you need to do a complete file system scan AND Exchange-aware
scan, so that you'll catch files that have been installed on the system and
files that are still held in Exchange.

Since I doubt you're opening e-mail attachments on the server, you must have
some infected workstations as well. Consider the option of updating all the
workstation AV signature files, then pull the plug on your hub or switch so
that each server and workstation in your office is isolated from the others.
Run at least one virus scan on all of them. Another thing I'd do is that
most of the AV companies offer free on-line AV scanners on their web sites.
Once you've used your AV program to get rid of everything you can find,
reconnect to the Internet and run the online scanner of a competing company.
That'll give you a second shot at anything the first scan may have missed.

And lastly, you need to figure out how it happened that a virus got by your
defenses, and increase your security and/or user training appropriately. No
one precaution is enough - I ran a virus file myself a couple of weeks ago,
and I'm the most paranoid person I know when it comes to attachments.

"Mike" <anonymous@discussions.microsoft.com> wrote in message
news:fc6901c40cf9$fbc57bb0$a101280a@phx.gbl...
> I'm running SBS 2000 along with the Exchange. The server
> was hit with multiple viruses recently. The viruses that
> were quarantined, I got rid of, but I believe that there
> is still a problem.
>
> We're being told that our company is sending out
> malicious emails, when in reality we're not. It's the
> virus!!
>
> Right now, the system's email and internet is running
> extremely slow. I tried running the "cleaning" utility
> that I got from Symantec, but it tells me that I SHOULD
> NOT run it on the M:/ Drive. Now, how am I supposed to
> clean this problem up if I can't run it on the M:/ drive
> and that's where the virus is?????
>
> Also, is it possible that the virus disables/changes the
> Administrator password? I can't log in!! What do I do
> about this?
>
> Thanks in advance for any help.
>
> Mike

