Windows 2003 & system32 and system directories

  • Windows 2003 & system32 and system directories

    Hello,

    I would like to know how I can recover the raw files of the system32 and system directories.

    Also, where can I find a list of files which need to be located in those directories (system32 and system)?

    I found several viruses on a Windows 2003 Server OS and I would like to make a comparison between the needed files and the fake files.

    Thanking you in advance.
    The rules DO apply to me.

  • #2
    Re: Windows 2003 & system32 and system directories

    Don't bother. If you have "Many viruses" (!!!), reformat the box and start again from scratch. And this time, before you connect the network, install some anti-virus protection, a firewall and some anti-spyware! Make sure that Internet Explorer Enhanced Security Configuration is enabled.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you



    • #3
      Re: Windows 2003 & system32 and system directories

      Hello,

      I must do a recovery; this is a production server.
      I can't format it.
      The rules DO apply to me.



      • #4
        Re: Windows 2003 & system32 and system directories

        You can't back up the data, reformat it and restore the data?!

        I understand that it's a production server, which is exactly WHY you MUST reformat it; right now it has the potential to utterly destroy your whole computer estate; whereas reformatted it will present no danger.

        I have to say that I'm utterly flabbergasted that any organisation would allow their production servers to be exposed in this way...
        Last edited by Stonelaughter; 15th January 2007, 10:17.


        Tom


        • #5
          Re: Windows 2003 & system32 and system directories

          Hi again.

          Formatting is the last solution.

          Where can I find a list of files which need to be located in the system32 and system directories? And is there a list which also includes the proper size for the files inside those directories?
          The rules DO apply to me.



          • #6
            Re: Windows 2003 & system32 and system directories

            I don't know of any list, but I just checked on my System and System32 folders and there were a total of 6360 files totalling 347Mb. This is not the sort of task you can accomplish manually as the list will be different for just about EVERY server.

            I'll say it again; you MUST reformat.

            A sort of "Bodge job" would be to install some anti-virus software NOW, and have it repair the server - but there are so many viruses which try to change or disable anti-virus software that the only realistic solution is to reformat. Honestly.

            This is not something you can get around; you ARE in a "Last Resort" situation. Viruses make entries in the Registry and in Ini files; they change server settings, they do all sorts of things which you will not be able to stop just by replacing files. To that end, I will say now that I have given you my answer and I will not reply again.

            You cannot fix this, it must be reformatted. You can NEVER trust this server UNTIL it has been reformatted.
            Last edited by Stonelaughter; 15th January 2007, 10:45.


            Tom


            • #7
              Re: Windows 2003 & system32 and system directories

              Hi again,

              One more question.

              Does the recovery tool which comes with the Windows 2003 Server installation CD support recovery of a whole directory?

              Which means that I can run a recovery command which will copy again only the files which are on the CD (from the system and system32 directories only).
              The rules DO apply to me.



              • #8
                Re: Windows 2003 & system32 and system directories

                It seems to me like you're not listening to the advice that has been given.

                The SYSTEM and SYSTEM32 folders will vary from server to server.

                Do you not have a complete system backup from a previous month that you can restore??

                Personally I would ensure that I have a good system backup and then reformat and restore. You will probably find that you will have more downtime using the method you are rather than following the advice given.



                • #9
                  Re: Windows 2003 & system32 and system directories

                  Hello, I have a more specific question regarding certain files.

                  1)

                  I have found a virus in the following file: inetsrv.exe
                  The directory in which it was found is: c:\windows\system32
                  The name of the virus is: BackDoor.Servu.60

                  I would like to know if the file "inetsrv.exe" is a legitimate file.
                  Is the location of that file legitimate?

                  2)

                  I have found a virus in the following file: winlogon.dll
                  The directory in which it was found is: C:\WINDOWS\system32
                  The name of the virus is: Trojan.PWS.Gina

                  I would like to know if the file "winlogon.dll" is a legitimate file.
                  Is the location of that file legitimate?

                  3)

                  I have found a virus in the following file: bw.exe
                  The directory in which it was found is: C:\WINDOWS\system32
                  The name of the virus is: Trojan.Flashfxp

                  I would like to know if the file "bw.exe" is a legitimate file.
                  Is the location of that file legitimate?

                  4)

                  I have found a virus in the following file: fup.exe
                  The directory in which it was found is: C:\WINDOWS\system32
                  The name of the virus is: Tool.ScriptGod

                  I would like to know if the file "fup.exe" is a legitimate file.
                  Is the location of that file legitimate?

                  5)

                  I have found a virus in the following file: in.exe
                  The directory in which it was found is: C:\WINDOWS\system32
                  The name of the virus is: Trojan.Flashfxp

                  I would like to know if the file "in.exe" is a legitimate file.
                  Is the location of that file legitimate?

                  That's all.
                  Thanking everyone in advance.
                  The rules DO apply to me.



                  • #10
                    Re: Windows 2003 & system32 and system directories

                    You're still not listening to what you're being told.

                    The files have now been infected with viruses and will need deleting.

                    1. Yes. But not in its infected state.
                    2. No. I've never heard of this file.
                    3. No. I've never heard of the file.
                    4. No. I've never heard of the file.
                    5. No. I've never heard of the file.

                    Have you actually tried searching somewhere like www.sophos.com for help with these??



                    • #11
                      Re: Windows 2003 & system32 and system directories

                      What is your current AV strategy?
                      Marcel
                      Technical Consultant
                      Netherlands
                      http://www.phetios.com
                      http://blog.nessus.nl

                      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                      "No matter how secure, there is always the human factor."

                      "Enjoy life today, tomorrow may never come."
                      "If you're going through hell, keep going. ~Winston Churchill"



                      • #12
                        Re: Windows 2003 & system32 and system directories

                        Originally posted by wullieb1:
                        You're still not listening to what you're being told.

                        The files have now been infected with viruses and will need deleting.

                        1. Yes. But not in its infected state.
                        2. No. I've never heard of this file.
                        3. No. I've never heard of the file.
                        4. No. I've never heard of the file.
                        5. No. I've never heard of the file.

                        Have you actually tried searching somewhere like www.sophos.com for help with these??
                        I'm not finding INETSRV.EXE (#1) on my W2K3 machines. Isn't that an old W2K or WNT EXE? Now we have W3WP.EXE

                        Needless to say the OP's machine is FUBAR and needs to be re-paved.
                        Cheers,

                        Rick

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **

                        2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.



                        • #13
                          Re: Windows 2003 & system32 and system directories

                          Hello to all members and thanks everyone.
                          I am going to scan the server with Sophos.
                          I will update you after I run a scan while the server is in safe mode.
                          Not every time a virus has been found is there a need to format.
                          Please, if you can, just answer my question.
                          I would like to ask about the recovery tool which comes with the installation CD of Windows 2003 Server.

                          Where can I find a guide to the recovery tool?
                          I would like to know all the possibilities that this tool can provide.
                          Also, I would like to know which specific features such a tool can supply.

                          Thanking everyone in advance.
                          And by the way, I do read what everyone is writing and I think about it.
                          The rules DO apply to me.



                          • #14
                            Re: Windows 2003 & system32 and system directories

                            Originally posted by rvalstar:
                            I'm not finding INETSRV.EXE (#1)
                            Buon giorno, Rick.
                            And I am glad you don't find it: http://www.file.net/process/inetsrv.exe.html It's one of those cases in which a virus uses a file with a name similar to something we know (Inetsrv = IIS). Same about winlogon.dll.
                            igoldman: A search usually is enough: http://www.google.co.il/search?hl=en...e+windows+2003 Check the third hit
                            Last edited by sorinso; 16th January 2007, 08:01.

                            Sorin Solomon


                            In order to succeed, your desire for success should be greater than your fear of failure.

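An added example, not part of any post in this thread: the file comparison asked about in the first post, done against an inventory taken from a known-good build of the same server, since post #6 points out that the file list differs for every server. It also flags the name look-alikes described in post #14 (an unknown file whose name matches a known file or directory). The directory contents are constructed sample data and the function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

def inventory(root):
    """Map lower-cased relative path -> (size, sha256) for every file under root."""
    root = Path(root)
    out = {}
    for p in root.rglob("*"):
        if p.is_file():
            data = p.read_bytes()
            key = p.relative_to(root).as_posix().lower()
            out[key] = (len(data), hashlib.sha256(data).hexdigest())
    return out

def compare(baseline, suspect):
    """Classify suspect files against a known-good baseline inventory."""
    # Stems of baseline files and names of baseline directories, for look-alike checks.
    known = {Path(k).stem for k in baseline}
    known |= {part for k in baseline for part in Path(k).parts[:-1]}
    report = {"unknown": [], "modified": [], "missing": [], "lookalike": []}
    for name, meta in sorted(suspect.items()):
        if name not in baseline:
            report["unknown"].append(name)
            if Path(name).stem in known:  # e.g. winlogon.dll beside winlogon.exe
                report["lookalike"].append(name)
        elif baseline[name] != meta:
            report["modified"].append(name)
    report["missing"] = sorted(set(baseline) - set(suspect))
    return report

def demo():
    """Build two constructed sample trees (not real Windows files) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = Path(tmp, "baseline"), Path(tmp, "suspect")
        files = {"winlogon.exe": b"clean-winlogon", "notepad.exe": b"clean-notepad",
                 "inetsrv/inetinfo.exe": b"clean-iis"}
        for root in (good, bad):
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        # Constructed changes mirroring the thread: dropped files and a patched binary.
        for rel in ("inetsrv.exe", "winlogon.dll", "bw.exe"):
            (bad / rel).write_bytes(b"dropped")
        (bad / "notepad.exe").write_bytes(b"patched-notepad")
        return compare(inventory(good), inventory(bad))

if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Run the inventory from a clean machine against a read-only copy of the suspect volume, not from the infected OS itself. A clean file comparison covers files only and says nothing about the registry and settings changes mentioned in post #6.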


                            • #15
                              Re: Windows 2003 & system32 and system directories

                              Originally posted by igoldman:
                              I would like to ask about the recovery tool which comes with the installation CD of Windows 2003 Server.

                              Where can I find a guide to the recovery tool?
                              I would like to know all the possibilities that this tool can provide.
                              Also, I would like to know which specific features such a tool can supply.
                              Which recovery tool is that? The recovery console if you boot from the CD? That's really for use when you can't boot normally or through Safe Mode. See Sorin's Google link in his earlier post.

                              Or are you asking about something in support tools or ???
                              Last edited by rvalstar; 16th January 2007, 08:13. Reason: ref'd Sorin
                              Cheers,

                              Rick
