Re: w3k server
- From: RKM <RKM@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 3 Sep 2005 16:33:01 -0700
Reformatting this server is not an option at the moment, only as a last
resort when everything else has been exhausted. I know there is something
there. Like I said, I have the tools and such to clean it, I am just not ready
yet. It has been isolated and no further harm can come of it; myself and IT
security are working closely with this and we just want to dissect it to get a
grasp on this.
"Matt Gibson" wrote:
> You don't clean rootkits.
>
> You format, and start from scratch.
>
> Matt Gibson - GSEC
>
> "RKM" <RKM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:87075C1E-4045-406F-AB68-76D608A76839@xxxxxxxxxxxxxxxx
> > Hi,
> > I am convinced my server has been compromised. After research I am certain
> > it has. However, I am still a little unsure as to how and what is going on.
> > It appears that a program called Hacker Defender has been installed, thus
> > hiding its registry entries and files. I have found two registry entries and
> > certain tools show that two exe files have been run; the kicker is those files
> > are nowhere to be found, they just do not exist on the system. There were also
> > log files that were deleted. And I found an odd reg entry with the name of
> > Andreas Haak, with no subfolders for the key; I assume that the children have
> > been hidden. It is apparent that the process used utilized something that MS
> > has designed called Alternate Data Streams (ADS). I have the tools and
> > instructions on how to remove this rootkit, but I need a little more insight
> > on this before I clean it. I have isolated the server so it is useless to
> > them at the moment. One thing I have not been able to confirm is if w3k
> > server supports the ADS structure. Does anyone have any sorts of info on
> > this? Thanks.
>
>
>
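The quoted post asks whether Windows Server 2003 supports alternate data streams: it does, because ADS is a feature of NTFS itself, so any NTFS volume on that server can carry them. The script below is an added example for triaging that question on a host; it is not code from this thread or from any tool the posters mention. It assumes Windows PowerShell 3.0 or later (for the `-Stream` parameter of `Get-Item`), an NTFS volume, and a placeholder root path that the reader replaces. It walks a directory tree, lists every named stream other than the default `:$DATA` stream, and shows the first four bytes of each so an embedded executable (an `MZ` header) stands out from text or metadata.

```powershell
# Added example (not from this thread): enumerate non-default NTFS alternate
# data streams under a directory tree, for defensive triage.
# Assumes Windows PowerShell 3.0+ on an NTFS volume; the root path in the
# usage line is a placeholder.
function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string] $Root,
        # Zone.Identifier is written on downloaded files and is almost always
        # benign, so it is hidden unless explicitly requested.
        [switch] $IncludeZoneIdentifier
    )
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream on the file (FileName, Stream, Length)
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object {
            $_.Stream -ne ':$DATA' -and
            ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier')
        } |
        ForEach-Object {
            # First bytes of the stream hint at its content (4D 5A = "MZ", a PE image)
            $head = Get-Content -LiteralPath $_.FileName -Stream $_.Stream `
                -Encoding Byte -TotalCount 4 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                File   = $_.FileName
                Stream = $_.Stream
                Bytes  = $_.Length
                Head   = if ($head) { ($head | ForEach-Object { '{0:X2}' -f $_ }) -join ' ' } else { '' }
            }
        }
}

# Usage: replace the placeholder with the directory to inspect (e.g. the web root).
Find-AlternateDataStream -Root 'C:\PLACEHOLDER\path' |
    Sort-Object Bytes -Descending |
    Format-Table -AutoSize
```

Two caveats for reading the output. Hacker Defender is a user-mode rootkit that hooks the file and registry enumeration APIs of the processes it injects into, so on the live, compromised host this listing can be filtered before PowerShell ever sees it; run it against the same disk mounted from a known-clean boot environment and compare the two listings, since any stream visible offline but absent live is itself a strong indicator. And plenty of streams are legitimate (Zone.Identifier, some application metadata), so treat each hit as a lead to examine, not as a finding on its own.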