Re: Serv-u
- From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
- Date: Wed, 11 Apr 2007 09:24:05 GMT
Hi Joseph,
Thanks for updating.
It's my pleasure help you. If you have any further questions related t o
this issue, please don't hesitate to let me know.
Murphy, Windows Defender can be installed on both Windows XP and Windows
Server 2003. You can find this information on the following link. I also
make a test on my test machine, which works OK. Also Windows Server 2003
SP1 is needed.
Windows Defender Home
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<From: "joseph.rosario@xxxxxxxxx" <joseph.rosario@xxxxxxxxx>
<Newsgroups: microsoft.public.windows.server.sbs
<Subject: Re: Serv-u
<Date: 10 Apr 2007 12:38:00 -0700
<Organization: http://groups.google.com
<Lines: 145
<Message-ID: <1176233880.852845.203410@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<References: <1176150423.271859.14970@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
< <wdhfDZ0eHHA.6068@xxxxxxxxxxxxxxxxxxxxxx>
< <DB09E52F-0EC1-43F6-AD64-BB746FEF3D13@xxxxxxxxxxxxx>
<NNTP-Posting-Host: 64.80.113.156
<Mime-Version: 1.0
<Content-Type: text/plain; charset="iso-8859-1"
<X-Trace: posting.google.com 1176233897 12202 127.0.0.1 (10 Apr 2007
19:38:17 GMT)
<X-Complaints-To: groups-abuse@xxxxxxxxxx
<NNTP-Posting-Date: Tue, 10 Apr 2007 19:38:17 +0000 (UTC)
<In-Reply-To: <DB09E52F-0EC1-43F6-AD64-BB746FEF3D13@xxxxxxxxxxxxx>
<User-Agent: G2/1.0
<X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2,gzip(gfe),gzip(gfe)
<Complaints-To: groups-abuse@xxxxxxxxxx
<Injection-Info: 30g2000cwc.googlegroups.com; posting-host=64.80.113.156;
< posting-account=gnX5eQ0AAAC68hif7LqzaH2PmzjSCUu9
<Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!msrtrans!
msrn-in!newshub.sdsu.edu!postnews.google.com!30g2000cwc.googlegroups.com!not
-for-mail
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:28987
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<On Apr 10, 10:44 am, M. Murphy <MMur...@xxxxxxxxxxxxxxxxxxxxxxxxx>
<wrote:
<> Robert,
<> sorry to interject into someone elses post, but I have a question...
<>
<> you are saying that it is ok to install windows defender on the server?
I
<> have read a post from someone, that they were against installing it on
the
<> server.
<>
<> "Robert Li [MSFT]" wrote:
<> > Hi Joseph,
<>
<> > Thanks for posting in our newsgroup.
<>
<> > From your description, I know than when you scanned your system, you
find
<> > the following:
<>
<> > 1. Svchost.exe running at your root c:\svchost.exe.
<> > 2. Serv-u.ini is at c:\recycler.
<> > 3. The files cdplayer.exe.manifest,
<> > ncpa.cpl.manifest, nwc.cpl.manifest, sapi.cpl.manifest seems to be
affected.
<>
<> > If I am off-base, please don't hesitate to let me know.
<>
<> > First, the problem is a pure virus related issue, our newsgroup doesn't
<> > provide technical support for this kind of problem. You can contact
Anti
<> > Virus software manufacture or Security Company for more help, or you
can
<> > wait for MVP's reply.
<>
<> > Generally speaking, svchost.exe should be located at
C:\Windows\System32.
<> > If it appears at other location, maybe the system is attacked by Trojan
<> > program. Also, files cdplayer.exe. ncpa.cpl. nwc.cpl, sapi.cpl,
wuaucpl.cpl
<> > seems to be affected. At this point, I suggest updating your Anti Virus
<> > software to the latest update and then have scan of your system.
<>
<> > Please try to download RootkitRevealer and run on SBS server to see
rookit
<> > can be removed. RootkitRevealer is an advanced rootkit detection
utility.
<> > It successfully detects all persistent rootkits published at
<> >www.rootkit.com, including AFX, Vanquish and HackerDefender (note:
<> > RootkitRevealer is not intended to detect rootkits like Fu that don't
<> > attempt to hide their files or registry keys).
<>
<> > For more information, please refer to:
<>
<> > RootkitRevealer v1.71
<> >http://www.microsoft.com/technet/sysinternals/Security/RootkitReveale...
<>
<> > You can also download Windows Defender and scan your server. Windows
<> > Defender is a free program that helps protect your computer against
<> > pop-ups, slow performance, and security threats caused by spyware and
other
<> > unwanted software. It features Real-Time Protection, a monitoring
system
<> > that recommends actions against spyware when it's detected and
minimizes
<> > interruptions and helps you stay productive. Now with 2 free support
<> > incidents for Windows XP and Windows Server 2003.
<>
<> > For more information, please refer to:
<>
<> > Windows Defender Home
<> >http://www.microsoft.com/athome/security/spyware/software/default.mspx
<>
<> > 823166 Overview of Exchange Server 2003 and Antivirus Software
<> >http://support.microsoft.com/?id=823166
<>
<> > Hope above information helps.
<>
<> > If you need further assistance, please don't hesitate to let me know.
<>
<> > Best regards,
<>
<> > Robert Li(MSFT)
<>
<> > Microsoft CSS Online Newsgroup Support
<>
<> > Get Secure! -www.microsoft.com/security
<>
<> > =====================================================
<>
<> > This newsgroup only focuses on SBS technical issues. If you have issues
<> > regarding other Microsoft products, you'd better post in the
corresponding
<> > newsgroups so that they can be resolved in an efficient and timely
manner.
<> > You can locate the newsgroup here:
<> >http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<>
<> > When opening a new thread via the web interface, we recommend you
check the
<> > "Notify me of replies" box to receive e-mail notifications when there
are
<> > any updates in your thread. When responding to posts via your
newsreader,
<> > please "Reply to Group" so that others may learn and benefit from your
<> > issue.
<>
<> > Microsoft engineers can only focus on one issue per thread. Although we
<> > provide other information for your reference, we recommend you post
<> > different incidents in different threads to keep the thread clean. In
doing
<> > so, it will ensure your issues are resolved in a timely manner.
<>
<> > For urgent issues, you may want to contact Microsoft CSS directly.
Please
<> > checkhttp://support.microsoft.comfor regional support phone numbers.
<>
<> > Any input or comments in this thread are highly appreciated.
<>
<> > =====================================================
<>
<> > This posting is provided "AS IS" with no warranties, and confers no
rights.
<>
<> > --------------------
<> > <From: "joseph.rosa...@xxxxxxxxx" <joseph.rosa...@xxxxxxxxx>
<> > <Newsgroups: microsoft.public.windows.server.sbs
<> > <Subject: Serv-u
<> > <Date: 9 Apr 2007 13:27:03 -0700
<> > <Organization:http://groups.google.com
<> > <Lines: 9
<> > <Message-ID: <1176150423.271859.14...@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<> > <NNTP-Posting-Host: 64.80.113.156
<> > <Mime-Version: 1.0
<> > <Content-Type: text/plain; charset="iso-8859-1"
<> > <X-Trace: posting.google.com 1176150423 20154 127.0.0.1 (9 Apr 2007
<> > 20:27:03 GMT)
<> > <X-Complaints-To: groups-ab...@xxxxxxxxxx
<> > <NNTP-Posting-Date: Mon, 9 Apr 2007 20:27:03 +0000 (UTC)
<> > <User-Agent: G2/1.0
<> > <X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
<> > rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2,gzip(gfe),gzip(gfe)
<> > <Complaints-To: groups-ab...@xxxxxxxxxx
<> > <Injection-Info: e65g2000hsc.googlegroups.com;
posting-host=64.80.113.156;
<> > < posting-account=gnX5eQ0AAAC68hif7LqzaH2PmzjSCUu9
<> > <Path:
<> >
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!newsfeed.
<> >
cw.net!cw.net!news-FFM2.ecrc.de!nntp1.roc.gblx.net!nntp.gblx.net!nntp.gblx.n
<> >
et!newscon02.news.prodigy.net!prodigy.net!border1.nntp.dca.giganews.com!nntp
<> >
..giganews.com!postnews.google.com!e65g2000hsc.googlegroups.com!not-for-mail
<> > <Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:28707
<> > <X-Tomcat-NG: microsoft.public.windows.server.sbs
<> > <
<> > <I am running sbs2003sp1
<> > <I was scanning my ports and found svchost.exe running at my root
<> > <c:svchost.exe. It looks like the serv-u got into my server. I found a
<> > <serv-u.ini which created files at c:\recycler. I deleted the the files
<> > <and I ran a full system scan in safe mode but I found these files and
<> > <wanted to check if they were legitimate, cdplayer.exe.manifest,
<> > <ncpa.cpl.manifest, nwc.cpl.manifest, sapi.cpl.manifest,
<> > <wuaucpl.cpl.manifest also does this mean I have a rootkit virus
<> > <
<> > <
<
<Thanks for replying to my post. I will contact symantec for support
<
<
.
- References:
- Serv-u
- From: joseph.rosario@xxxxxxxxx
- Re: Serv-u
- From: joseph.rosario@xxxxxxxxx
- Serv-u
- Prev by Date: Re: recovery from failed sp2 install
- Next by Date: RE: McAfee ePolicy Orchestra wont Add Server after upgarding to SP
- Previous by thread: Re: Serv-u
- Next by thread: Re: CONTACTS LOST !
- Index(es):
Relevant Pages
|
