OVH Community, your new community space.

Antivirus for Windows Server 2003 SP1


raidensnake
31-05-2008, 21:43
I hate to tell you this but you need to install Service Pack 2.

ltavr
30-05-2008, 21:48
@slayer2005: My problem is not "waiting" for OVH support. My problem is that if and when that answer comes it still might not be a solution as, probably, this is not related to OVH but with some kind of error on my part and for which, therefore, they are not responsible. Anyway, as the answer didn't come until Friday I would always have to wait, at least, until Monday. As this is a place where OVH users also gather I just thought I could get some help from one of the members here.

Regarding the AV... I only tried installing it when I realized I was having problems. I never felt the need to install one on my previous servers. I just used the Windows Firewall and Spybot and it was perfectly enough. I made this "small" mistake of risking browsing a little bit and downloading a couple of files and that, unfortunately, proved to be fatal.

@weiny: Mate... if you knew how many hours I lost in these past couple of days googling... Thank you for that tutorial. Although it's quite a book I'll surely read it and try to figure out something.

@iand: I don't have Java installed. In fact, I only had the server for a couple of 2 days and was in the process of setting it up. Thanks a lot for your link to that forum. I'll check it out.

Thank you for all your answers. You've been most helpful. Let's see if I can sort this out...

iand
30-05-2008, 20:44
You may be better off posting your HijackThis log here: http://www.security-forums.com/viewforum.php?f=48

If you have Java on your server, try Trend Micro's online scanner: http://housecall.trendmicro.com/uk/

weiny
30-05-2008, 20:41
Yes, you have some problems looking at your log. The tutorial will help you identify the problems.
http://www.bleepingcomputer.com/tuto...utorial42.html

More often than not, the best help is Google.

slayer2005
30-05-2008, 20:41
Maybe if you can't wait for a support answer, reinstall the server; obviously it depends on whether you have any important data on it.

I myself have never installed an antivirus on my servers and never had any problems.

ltavr
30-05-2008, 20:23
Come on guys... a little help here! I already contacted support through the manager but I'm still waiting for a reply.

Any learned guy here that could have a look at this log? I definitely have a virus there and I simply can't use the server... I have no access to the Net cause neither IE nor Firefox open. Several other applications also don't open.

Let me just say that I tried to install an AV before all this happened but they wouldn't install cause they were not corporate versions. I'm still looking for one... I was with leaseweb before renting an OVH and I never felt the need to install an AV. I just had Spybot installed and it was enough together with the Firewall.

I'm sure someone will know what to do... I mean, you probably know how it feels having a server and not being able to use it at all.

Thanks in advance for any help on this.

ltavr

ltavr
30-05-2008, 02:25
Well... I ended up running HijackThis cause things got worse and worse. At some point I couldn't open several applications including both IE and Firefox... I sent HijackThis from my home PC. I'm not very experienced at analysing the logs and although I have used that utility at highjackthis.de I'm still not sure what I should fix. If someone could help me that would be great. Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 12:49:45 PM, on 5/29/2008
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\copssh\bin\cygrunsrv.exe
C:\Program Files\copssh\bin\sshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Up\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - C:\WINDOWS\system32\fccCRjhH.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EEE73DE3-457C-430A-B614-BA965BC017CD} - C:\WINDOWS\system32\vtUnnkkK.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BMfb40d0b7] Rundll32.exe "C:\WINDOWS\system32\dlcddliq.dll",s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149752800553
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2BDFF3-C114-4C4E-B7B0-7426644239A8}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8802DDAB-18B4-412C-9395-A22DD8F74F0B}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1F056F8-2F80-4496-B66D-6348B45BFAFF}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C686F0B6-F4C8-4BA4-8DC1-97EC2058202B}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA8ED4EC-0D15-4DED-8C33-73E10268CE1B}: NameServer = 10.48.100.2
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: fccCRjhH - C:\WINDOWS\SYSTEM32\fccCRjhH.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Openssh SSHD (copSSHD) - Unknown owner - C:\Program Files\copssh\bin\cygrunsrv.exe

Many thanks in advance for any help on this.

Cheers.
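
A triage sketch for a log like the one posted above, added here as an example and not part of the original thread: it parses HijackThis entry lines and lists modules that meet review heuristics chosen for this example (a BHO without a display name, a Run key that loads a DLL through Rundll32, one module registered under more than one autostart section). The function names and heuristics are assumptions; a hit means "review this entry first", not a verdict.

```python
import re
from collections import defaultdict

# Subset of entry lines copied from the HijackThis log posted above.
SAMPLE = r"""
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - C:\WINDOWS\system32\fccCRjhH.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EEE73DE3-457C-430A-B614-BA965BC017CD} - C:\WINDOWS\system32\vtUnnkkK.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BMfb40d0b7] Rundll32.exe "C:\WINDOWS\system32\dlcddliq.dll",s
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: fccCRjhH - C:\WINDOWS\SYSTEM32\fccCRjhH.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # e.g. "O20 - ..."
MODULE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.I)    # absolute module path

def parse(log):
    """Return (section_code, detail, module_paths) for each entry line."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2), MODULE.findall(m.group(2))))
    return out

def review_first(entries):
    """Map lowercased module path -> reasons to inspect it first (heuristics only)."""
    sections = defaultdict(set)
    reasons = defaultdict(list)
    for code, detail, paths in entries:
        for p in paths:
            key = p.lower()  # Windows paths are case-insensitive
            sections[key].add(code)
            if code == "O2" and "(no name)" in detail:
                reasons[key].append("BHO without a display name")
            if code == "O4" and "rundll32" in detail.lower():
                reasons[key].append("Run key loads a DLL via Rundll32")
    for key, codes in sections.items():
        if len(codes) > 1:
            reasons[key].append("registered in " + "+".join(sorted(codes)))
    return dict(reasons)

if __name__ == "__main__":
    for path, why in review_first(parse(SAMPLE)).items():
        print(path, "->", "; ".join(why))
```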

Alister
29-05-2008, 18:36
Try http://www.pandasecurity.com/homeuse...panda=empresas

I use it on one of my servers!

ltavr
29-05-2008, 17:32
Hi guys,

I usually run either Nod32 or Kaspersky Internet Security on my PC.

I tried to install first one then the other but I can't. The message it gives me when, for instance, I try to install Nod32 3.0.657 is:

"This product version is not intended for server operating systems."

Something similar happens when I try to install KIS 7.0.1.325

I have this very annoying virus/spyware/adware that is opening commercial web pages when I browse the net.

Spybot is not able to correct this. I need to at least perform a scan even if I then keep the AV disabled most of the time.

Any help would be great. Many thanks in advance.