medman

  1. I need to make sure that Malwarebytes does not scan my exchange folders and MDBDatabase. How do I set this up? The ignore list tab has no option to add entries. Thanks
  2. Thanks Jacktivity: Two of the servers are domain controllers. The third is my Exchange server. Because malware has taken over the admin account (I can still use it but I can't change anything), I can't add my name (admin) or anyone else in the organization to the newly built domain. So email is out. When I promoted the first server to a DC on the new domain, I was able to create an alternate admin account, but whatever malware it is has changed my password. S-i-i-i-gh. P.S. I just purchased 3 licenses, but no email so no order number. The account is Phil Wyatt, Medical Central Online. Thanks
  3. Hi There: I have the majority of my servers (3) in my domain infected with some type of malware (or more than one). I have scanned with Malwarebytes, Search and Destroy (S&D) and AVG to no avail. First, I have done the following:
     1. Rebuilt my domain twice with different domain name, applying W2003 SP2, and loading in Malwarebytes before hooking up to the LAN until I needed to download Windows updates, downloaded AVG and S&D and ran them all. Each time I got reinfected.
     2. All of the infected servers have the malware trying to get out to 188.72.250.42, 217.20.115.1, 218.8.245.123 among others and they are caught by Malwarebytes monitor.
     3. All of the servers have multiple DNS.exe and lsass.exe instances spawned.
     4. The same or different malware took over my domain admin and locked me out EVEN AFTER I REINSTALLED THE DOMAIN WITH A DIFFERENT NAME!

     I have run Sysinternals RootkitRevealer and nothing showed up except for incorrect truncation in the HKLM\software\classes\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\inprocserver32\ThreadingModel. According to the Sysinternals forums, Microsoft truncated the entry "Both" to "Bo". The forum is here: http://social.technet.microsoft.com/forums...e-31958e06729d/ I'm at the end of my rope! Help would be appreciated.
  4. Hi There: I have installed Malwarebytes and run it against some malware on my servers and workstation. It didn't get rid of the malware, but did block the malware from transmitting to a known poisoned site (this is done continuously throughout the day by the nasty). When Malwarebytes blocks a transmission to a known poisoned site, a balloon appears and the message comes up and states "Successfully blocked access to a potentially malicious site." Suggestion so a user can debug the problem:
     1. When the blocked message appears, also display the process name and the port it is trying to get out on.
     2. If you can, display all processes that spawned that specific malware try, and their locations in the registry or directory.
     3. Give the user the option of sending Malwarebytes all of the info. That way, you guys can keep updating your signature files.

     Thanks