Our computer began shutting down Friday. McAfee VirusScan Enterprise found the rdriv.sys (NTROOTKIT-J) Trojan Tuesday and would not delete, move, or clean. McAfee Firewall has been disabled and will not start. Installed all Windows Security Updates installed Latest VirusScan Version 8 spent over 4 hours with Tech Support. The Network is slowed to a snail's pace and remote computers cannot log on and server will not access the internet through router. Access to router limited to basic setup only. If I islate the Server it will access the internet.
Windows Server CPU Running 100%
- Thread starter etjr334
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Go and read this thread HERE.
I have to tell you, that getting rid of a rootkit infection can be next to impossible. It might turn out, your only option is to reformat and reinstall.
Regards Howard :wave: :wave:
This thread is for the use of etjr334 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Go and read this thread HERE.
I have to tell you, that getting rid of a rootkit infection can be next to impossible. It might turn out, your only option is to reformat and reinstall.
Regards Howard :wave: :wave:
This thread is for the use of etjr334 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Your system has quite a few nasties onboard.
Go HERE and follow the instructions exactly.
Post a fresh HJT log, only after doing the above.
Regards Howard
This thread is for the use of etjr334 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Go HERE and follow the instructions exactly.
Post a fresh HJT log, only after doing the above.
Regards Howard
This thread is for the use of etjr334 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I am running F-Secure online scan, however these other suggestions do not mention the onlne scan will work on Windows Server 2000. Meanwhile, computers on the LAN side of our network have been systemically shutting down and when they are re-started they do not see the Network computers. I have uninstalled and reinstalled McAfee Firewall on the Server 5 times and in the process I see it running at 50% CPU Usage, but I am unable to Launch the Program interface. I looked at Kerio, but it does not run on Windows Server 2000. Could you offer any suggestions for a good firewall for Server 2000.
howard_hopkinso
Posts: 21,238 +17
Follow as many of the instructions as you can, in the link I gave you.
Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.
Regards Howard
This thread is for the use of etjr334 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.
Regards Howard
This thread is for the use of etjr334 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
As far as I can tell, your HJT log looks clean.
However, I`m not familiar with Windows server edition, so can`t be sure.
How`s your system running?
There are many items in your HJT log, that I can`t find any info on. This doesn`t necessarily mean they`re nasty.
Regards Howard
However, I`m not familiar with Windows server edition, so can`t be sure.
How`s your system running?
There are many items in your HJT log, that I can`t find any info on. This doesn`t necessarily mean they`re nasty.
Regards Howard
- Status
Similar threads
Latest posts
-
Worry your friends with this $9,420 flamethrower robot dog
- Tinderbox replied
-
Researchers have unlocked the "Holy Grail" of memory technology- DanteSmith replied
