| Thread ID: 136255 | 2014-02-09 06:33:00 | HJT Log for Windows Server 2008 | radium (8645) |
| Post ID | Timestamp | Content | User |
| 1367228 | 2014-02-10 20:22:00 | ESC Trusted Zone: http://www.100percent.co.nz O15 - ESC Trusted Zone: http://*.furnituretogo.co.nz Why?? Is someone using the server as a workstation? Always a bad idea. You need to lock this server down, restrict access. Also look at users' passwords on the domain: lock those down as well & set the option to NOT allow users to change their own passwords. Some may have a stupid pass like 1234, allowing a user a/c to be hacked. Check that all user & admin passwords are not guessable. Look at restricting/stopping user remote access as well, at least until you've sorted this out. There may be a compromised user a/c that is being used to access/hack the server, it happens. ** perhaps a moderator can remove the domain name from the posted Hijack this logs :-) | 1101 (13337) |
| 1367229 | 2014-02-10 21:14:00 | blitz the hard drive and reinstall. you're never going to be sure did I remove the malware or not. That would be okay if it wasn't the only DC!, but still a wee bit drastic for me! | SolMiester (139) |
| 1367230 | 2014-02-11 05:45:00 | perhaps this might help www.malwarebytes.org Wainui T suggested it in another posting. It seemed pretty effective for a couple of us. It is only running in a basic interface at the moment. | PPp (9511) |
| 1367231 | 2014-02-11 20:26:00 | I have seen this sort of thing before. Was caused by a TS user having a ridiculously obvious 4 letter password. Every time the server was cleaned up the hacker/bot simply came back in & re-infected the server. You can't use a workstation mindset to clean infected servers | 1101 (13337) |