Question

How do I determine if our server has malware and/or a virus?

By PHRATE
Each time a user logs on, the PC keeps looping. It started with one workstation, and each time we go to another workstation and log on we get the same effect. We contacted our computer support firm and asked if this could be coming from our server, since each workstation is getting the same looping. They said that malware and viruses don't get to the servers? I think this is untrue.
I don't have any confidence in our Computer support company.


All Answers

interesting...

by ---TK--- In reply to How do I determine if our ...

It really depends on what kind of virus has hit your network... Sounds more like a worm of some sort... either way it doesn't really matter...

Could it infect your servers? O **** yes it can... But it depends on what servers you are running. If you are running Unix servers you will be fine. If they are MS servers, I hope you have the most recent updates and your AV is up to date...

But first, a couple of questions...

1. Is it just that user, or all users?
2. Have you tried safe mode?
3. Have you used a bootable CD and run an AV scan/malware scan (look into Ultimate Boot CD)?
4. What kind of servers do you have?
5. What AV are you using, server side and client side?

what do you mean by "looping"

by CG IT In reply to How do I determine if our ...

continuous reboots?

Most viruses and worms that do data harvesting don't want to draw attention to themselves, so that no one knows it's on the network.

The ones that do draw your attention are the blackmail/hostage viruses which are very apparent. A user can't do anything with their workstation until they pay the money or the smart IT guy runs Malwarebytes and then AV to clear the infection.

So looping meaning continuous reboots doesn't fit the mold.

If it is a reboot loop, you need to get it to stop doing that first

by seanferd In reply to How do I determine if our ...

If you can get into Safe Mode, disable the Reboot on Failure option (one of the dumbest default settings ever, IMO) so you can see what the problem is. You may just see a BSOD with some helpful error codes then.

hmmm ... try this ...

by digitrog In reply to How do I determine if our ...

First off,
If you can bring up the "Task Manager" as the desktop loads [Ctrl]+[Alt]+[Del], you may be able to run some tools and fixes; otherwise, you may first need to boot to safe mode ...
... anyway, right-click on "My Computer" and go to Properties, select the "Advanced" tab, now go to Settings under Startup & Recovery, then under "System Failure" uncheck [ ] Automatically Restart, then [OK] all the way back to the Desktop.
If you got to this from normal mode, close the Task Manager; otherwise just restart.
Now when the computer crashes you should have the Blue Screen with some crash codes.

Meanwhile, download Dr.Web's Cure IT! [on a different computer preferably] and burn it to CD.
If you can get the computer to stay running via the Task Manager, otherwise from safe mode, run Cure IT in both quick and full modes, which CAN take a long time to scan.
I would suggest letting it Cure [Always] or kill off (Delete) [always] if no cure is available.

After using Cure IT, you could still try MalwareBytes AntiMalware as well.

I would also suggest looking for a thorough antivirus, such as COMODO internet suite, which is FREE for personal use.
Another thorough freeware A/V is Rising AntiVirus [which is actually from China ...]. Make sure to do a FULL thorough scan of all the drives with the latest updates installed ...
You could also download the portable version of ClamWin Anti-virus, extract that onto an internet-enabled computer, run ClamWin and get it to update, then copy that complete folder to a USB flash drive, and then you can copy that to the infected computer [runs quicker] or simply run it from the USB ...
You MUST remember, most of those intrusive gremlins [viruses, trojans, worms etc.] will also propagate onto USB drives, so make sure to fully scan those as well, IF you find any infections, that is ...

Also I would suggest then taking Cure It and running it on other computers on the system, just to make sure ...

There is also still the chance of the system simply crashing because of a lost or damaged driver, information on which you may be able to see from the BSOD and crash codes.
"Fatal error - system halted due to driver XXXXX.ZZZ " and a series of [0x:0000 etc ] codes ... and you might be able to do a system restore ...

PS - which reminds me, IF there are signs of some infection you will also need to disable System Restore, which often can also become infected, and then will simply re-install the nasties at the next reboot!

And in the extreme cases you may need to use some sort of recovery Boot CD to help sort it out ...
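
The Startup & Recovery change described in the posts above can also be made and checked from an elevated PowerShell prompt. This is an added example, not part of the original thread; it assumes Windows Vista / Server 2008 or later, and the function names are illustrative.

```powershell
# Added example: scripted equivalent of unchecking "Automatically restart",
# plus a look at recent bugcheck records. Run from an elevated prompt.
# Assumption: Windows Vista / Server 2008 or later (Get-WinEvent is not on XP).

$crashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Get-CrashControlState {
    # Current crash-handling settings behind the Startup and Recovery dialog
    $p = Get-ItemProperty -Path $crashKey
    [pscustomobject]@{
        AutoReboot       = [bool]$p.AutoReboot   # True = reboot immediately on a stop error
        CrashDumpEnabled = $p.CrashDumpEnabled   # 0 = no dump written; non-zero selects a dump type
        MinidumpDir      = $p.MinidumpDir        # where small dumps land, if enabled
    }
}

function Disable-AutoReboot {
    # 0 = stay on the blue screen so the stop code and driver name can be read
    Set-ItemProperty -Path $crashKey -Name AutoReboot -Value 0 -Type DWord
}

function Get-RecentBugchecks {
    param([int]$Max = 10)
    # Event 1001 from WER-SystemErrorReporting records "rebooted from a bugcheck"
    # together with the stop code; Kernel-Power 41 (where present) records a
    # restart that did not follow a clean shutdown.
    $filters = @(
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'; Id = 1001 },
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-Power'; Id = 41 }
    )
    $filters | ForEach-Object {
        # No matching events is not an error worth stopping for
        Get-WinEvent -FilterHashtable $_ -MaxEvents $Max -ErrorAction SilentlyContinue
    } | Sort-Object TimeCreated -Descending |
        Select-Object TimeCreated, ProviderName, Id, Message
}

Get-CrashControlState              # settings before the change
Disable-AutoReboot
Get-CrashControlState              # AutoReboot should now read False
Get-RecentBugchecks | Format-List  # stop codes already recorded in the System log
```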
