Virus using our server to support an eBay scam site.

By rvndoc ·
Our server has been infected by a virus that none of our antivirus programs can locate. It is apparently using our server to send out a scam PayPal web site. Has anyone been infected like this, and do you have any resources or suggestions to help locate and eliminate this virus, short of reformatting the server?


All Answers


Firstly, you don't have a virus

by HAL 9000 Moderator In reply to Virus using our server to ...

If this is actually happening, it's a sign of poor security and even worse maintenance to begin with.

What you have here is a bot which has taken control of the server and turned it into a zombie that is under someone else's control, and that leaves the company who owns the machine possibly responsible for any financial losses suffered by people adversely affected.

You need to reboot the system into Safe Mode after loading some spyware removal tools that are recommended by either your legal department or by any local ordinances which you are required to work within. As I'm assuming that you have a compromised Windows Server, you can look for commercial spyware removal tools that will work with your version of Windows Server by doing a Google search.

After you have bought, installed and updated these, boot into Safe Mode, run the scans and remove any infections.

Depending on how long this has been going on for, I would generally recommend that the entire machine be wiped and reloaded, as there is the possibility that numerous other back doors have been added which you will be unable to remove. So you just blow away the Windows install, reload, and then recover your data from your most recent backup taken before the infection occurred.

You'll need a wiping utility like Boot & Nuke to wipe the HDDs; it is available for download here.

That is just one of the possible utilities that you can use, but you'll need to use something that has DoD compliance and overwrites the HDDs several times; anywhere between 8 and 15 times should do.
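As an added example (not from the original thread or either poster), here is a small Python triage script for the situation the question describes: it walks a web root and flags pages that carry a password form mentioning PayPal or eBay, or that were modified after a reference time such as the last known clean deployment. The web root and its files are constructed inline; the hidden `images/.cache` location and the `login.html` name are made-up sample data, and the script is for locating the planted content, not a substitute for the rebuild the answer recommends.

```python
import os
import re
import tempfile
import time

# Brand keywords and file types that a planted phishing page is likely to carry.
BRANDS = ("paypal", "ebay")
PASSWORD_FORM = re.compile(r'<input[^>]*type=["\']?password', re.IGNORECASE)
HTML_EXT = (".html", ".htm", ".php", ".asp", ".aspx")


def scan_webroot(root, changed_since=None):
    """Return sorted (relative_path, reasons) pairs for files that look suspicious."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if name.lower().endswith(HTML_EXT):
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
                low = text.lower()
                brands = [b for b in BRANDS if b in low]
                # A credential form plus a payment brand on a company site is a red flag.
                if brands and PASSWORD_FORM.search(text):
                    reasons.append("credential form mentioning " + ", ".join(brands))
            # Anything written after the last clean deployment deserves a look.
            if changed_since is not None and os.path.getmtime(path) > changed_since:
                reasons.append("modified after reference time")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def build_sample_site():
    """Constructed sample web root: one legitimate page and one planted phishing page."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "images", ".cache"))
    index = os.path.join(root, "index.html")
    with open(index, "w") as fh:
        fh.write("<html><body><h1>Company site</h1></body></html>")
    clean_time = time.time() - 3600  # pretend the clean deployment was an hour ago
    os.utime(index, (clean_time, clean_time))
    phish = os.path.join(root, "images", ".cache", "login.html")
    with open(phish, "w") as fh:
        fh.write('<form action="collect.php"><p>PayPal login</p>'
                 '<input name="u"><input type="password" name="p"></form>')
    return root, clean_time


if __name__ == "__main__":
    root, since = build_sample_site()
    for rel, why in scan_webroot(root, changed_since=since):
        print(rel, "->", "; ".join(why))
```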

