Greetings community; it's been a long time since I've been on this board - the updates look great.
I have a problem on one of my clients' Server: SBS2k3 SP1.
They have been uninterested in antivirus for as long as I've known them, and finally last week they got compromised (I think by CC Proxy).
I used HouseCall to remove what it could while the office users were still working, and it seemed to have started the clean; however, I noticed that there were user accounts once again generated (I had disabled about 6 user accounts on the server that must have been added by whoever compromised the server). This time 2 new user accounts were created, and I promptly disabled them. I also changed the administrator password. I am now installing Symantec Endpoint and trying to manually remove any traces of whatever still might be malware on the system.
One of the things these individuals did once on the server was "break" Task Manager; it now opens Windows Explorer no matter how you attempt to launch it: Ctrl+Shift+Esc, or right-click on the taskbar, or by typing taskmgr in the run box.
D'oh!
Anybody know how to fix this?
Many thanks in advance.
AJE