| Thread ID: 106881 | 2010-01-26 22:56:00 | Scheduled Tasks | nofam (9009) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 852336 | 2010-01-26 22:56:00 | Just checking through my servers, and got a shock to see the attached - one of 1000 (!!) scheduled tasks all appearing to run .dll files with dodgy names. Server has Symantec Endpoint on it..... :waughh: Pretty sure I should delete these? :badpc: | nofam (9009) | ||
| 852337 | 2010-01-26 23:01:00 | Ripley: I say we take off and nuke the entire site from orbit. It's the only way to be sure. | fred_fish (15241) | ||
| 852338 | 2010-01-26 23:01:00 | Eew... Symantec yet again for the win. :ban | wratterus (105) | ||
| 852339 | 2010-01-26 23:10:00 | Ah, the joys of Windows servers. :p | KarameaDave (15222) | ||
| 852340 | 2010-01-26 23:32:00 | I would say it's full of trojans / malware | Speedy Gonzales (78) | ||
| 852341 | 2010-01-26 23:36:00 | DIY home server with JBOD or business server with RAID? Is your box rooted? If it's just a home server I'd take it offline and check the contents of its hard drive with a Linux live CD or at the very least on another system - otherwise files/folders could be hidden. |
pkm (13527) | ||
| 852342 | 2010-01-26 23:45:00 | "DIY home server with JBOD or business server with RAID? Is your box rooted? If it's just a home server I'd take it offline and check the contents of its hard drive with a Linux live CD or at the very least on another system - otherwise files/folders could be hidden." The latter - X-series with 2 arrays, running Terminal Services/PDC/File Print Server. Running Endpoint scan now..... though I doubt it will find anything. |
nofam (9009) | ||
| 852343 | 2010-01-26 23:46:00 | I would use something else / or put the HDD in something else then scan it | Speedy Gonzales (78) | ||
| 852344 | 2010-01-26 23:53:00 | If it's rooted you'll never find anything. I don't know how familiar you are with malware, but basically Windows can be made to lie to you - from processes running to files and folders not existing. As Speedy suggests, run a live CD (even Puppy Linux), mount drives and scan. old one www.youtube.com |
pkm (13527) | ||
| 852345 | 2010-01-27 00:31:00 | My $0.02 would be to try RootKit Revealer (technet.microsoft.com) from MS as a starting point. Download on another machine & run on your server with network disconnected. | MushHead (10626) | ||