Jump to content

Windows 2003 Server has been hacked


roffer

Recommended Posts

Hi -

I have a Windows 2003 server that seems to have been hacked. It exhibits several strange behaviors:

- creates new AD accounts on its own

- created a list of 40+ IP entries in the local routing table

- installed apache web server and captured incoming HTTP sessions

- causes new program installations to run very slowly or not at all

So far I have taken the following steps to re-mediate with some limited success:

- purchased, installed and ran Malwarebytes on server, removing serveral threats

- purchased, installed and ran Symatec Endpoint Protection, removing three more threats (two were minor tracking cookies)

- changed the passwords on all accounts and disabled the ones that were not recognized

- ran ESET online scan - found nothing

- tried to run Kaspersky online scan - it did not run

- ran HiJackThis! and have attached log

- ran GMER and have attached log

(DDS does not run on Windows 2003)

Would appreciate feedback on next steps.

gmer_log_for_termserver.zip

hijackthisfor_TERMSERVER.zip

mbam_logs.zip

Link to post
Share on other sites

  • Root Admin

Unfortunately Servers are not well supported by most tools and most of these type of infections are caused by allowing someone to surf the Web from the server with Admin rights.

I can assist you if you like but we have no pay per incident and it can take a few days maybe to clean it up depending on what is wrong. Another issue you now possibly have is that it's very difficult to trust the server once it's been compromised. I know it's not something you want to hear and not something easy as I manage quite a few myself and hundreds at another job but rebuilding it is the safest method. If you do want me to assist you though then please send me a private message with your contact information.

Thanks

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.