Windows Server 2000/2003 Thread, Virus on Server in Technical
  1. #1

    Join Date
    Dec 2007
    Location
    Manchester
    Posts
    14
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Virus on Server

    We are having major problems on our SIMS server with the w32/sality-am virus. We have Sophos installed and it is cleaning up detected items, but then some of the exe files will not run and become infected again. Does anybody know a way of permanently removing this virus?

  2. #2

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,168
    Thank Post
    98
    Thanked 319 Times in 261 Posts
    Blog Entries
    4
    Rep Power
    112
    Since you're using Sophos this might help: Sophos: Disinfecting PE executables

  3. #3

    Join Date
    Dec 2007
    Location
    Manchester
    Posts
    14
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks James, I have done that and followed the instructions but it still keeps re-appearing.

  4. #4


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,689
    Thank Post
    352
    Thanked 794 Times in 714 Posts
    Rep Power
    346
    roughyed,

    I recently attended a site with this exact virus on their SIMS server.

    My advice to you would be to isolate the server (first action always upon infection) and in parallel ensure the virus is not elsewhere on the site whilst taking a very light backup of only the most crucial files; the SIMS ldf/mdf and docstorage should be sufficient, I'd think, but check with your support provider if you have one.

    Format + reinstall the server, SIMS, etc, and restore your light backup.

    It's the only safe and sure way to know you've eradicated the virus as, like you said, it's annoying when it breaks EXEs, especially when it does it to everything in the setups dir!

  5. #5

    Join Date
    Dec 2007
    Location
    Manchester
    Posts
    14
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I was afraid someone would say that. We have 4 other essential software programs on this server, so to do a re-install would be a nightmare.

  6. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,097
    Thank Post
    857
    Thanked 2,680 Times in 2,273 Posts
    Blog Entries
    9
    Rep Power
    769
    Have you tried a different AV product? There are some online scanners along with some other solutions that can run off Windows PE/UBCD4Win that may be able to disinfect your machine while it is offline.

  7. #7

    Join Date
    Dec 2007
    Location
    Manchester
    Posts
    14
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I haven't tried that. Is there any you would suggest to use?

  8. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    The server is compromised. You can no longer trust it to work as expected. A format, reinstall and recovery from a known good backup is your only choice.

  9. #9

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,097
    Thank Post
    857
    Thanked 2,680 Times in 2,273 Posts
    Blog Entries
    9
    Rep Power
    769
    Dr.Web LiveCD is a software product that features a standard, Dr.Web scanner

    Try this one as well:
    UBCD for Windows with ClamWin and Trend Micro SysClean from the additional downloads.

    That and following the removal instructions from here:
    W32.Sality.AE Removal - Removing Help | Symantec

    Edit: As Geoff says above, it is a server and the only way to be completely sure it is trusted is a reinstall, unless it is an old, easily identifiable and removable virus that has been fully explored and understood.
    Last edited by SYNACK; 20th January 2009 at 01:19 PM.

  10. #10

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,168
    Thank Post
    98
    Thanked 319 Times in 261 Posts
    Blog Entries
    4
    Rep Power
    112
    If you have a known good backup then as people have said that's the best course.

    You should be able to take off the SIMS database, and any others you may have on there, and reattach them once the backup is restored to prevent data loss.

    Since the virus (supposedly) infects .scr and .exe files the data itself should be safe, but I'd recommend doing a scan on each of the data files before reattaching them.
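
An added example (not written by any poster in this thread): a check, run from a clean machine, that the light backup described above contains only data. It flags anything with an .exe or .scr extension, or with a PE header under another name; the function names and sample files are constructed for illustration.

```python
import os
import struct
import tempfile

RISKY_EXTENSIONS = {".exe", ".scr"}  # file types the thread names as infection targets

def is_pe_file(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        header = f.read(64)
        if len(header) < 64 or header[:2] != b"MZ":
            return False
        (pe_offset,) = struct.unpack_from("<I", header, 0x3C)  # e_lfanew field
        f.seek(pe_offset)
        return f.read(4) == b"PE\x00\x00"

def find_executables(backup_root):
    """List (relative path, flagged by extension, flagged by content) for suspect files."""
    findings = []
    for folder, _dirs, files in os.walk(backup_root):
        for name in files:
            path = os.path.join(folder, name)
            by_name = os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS
            by_content = is_pe_file(path)
            if by_name or by_content:
                findings.append((os.path.relpath(path, backup_root), by_name, by_content))
    return sorted(findings)

def build_sample_backup(root):
    """Constructed sample data: a data file, a PE stub named .doc, and a .scr file."""
    pe_stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00"
    samples = {
        "sims.mdf": b"\x01\x0f" + b"\x00" * 98,  # placeholder bytes, not a real MDF
        os.path.join("docstorage", "report.doc"): pe_stub,
        os.path.join("docstorage", "saver.scr"): b"placeholder, not a program",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_backup(root)
        for rel, by_name, by_content in find_executables(root):
            print(f"{rel}: extension={by_name} pe_header={by_content}")
```

An empty result only shows that no executable content is riding along in the backup; it does not replace the antivirus scan of each data file recommended above.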
