  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Central Illinois
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Windows Server 2003 login unavailable

    We have an older Windows 2003 server that runs SQL Server 2000. Recently AVG detected a virus, and between AVG and Malwarebytes quite a few files were detected, quarantined, and deleted.

    These programs are no longer detecting new threats, but periodically, once a day or so, remote desktop gets disabled and we cannot get the console login screen to display. A power down and restart gets the login screen back. Afterwards a user account named "china" and occasionally one called "administror" has been created and the firewall ports for remote desktop and SQL Server access have been disabled. A fresh scan typically finds no threats. I manually delete the two bogus accounts and things appear to be fine, although obviously they are not.

    The OS has all the service packs and updates that are available. I realize Server 2003 is past end-of-life. Is it just not viable any longer since it doesn't get updates?

    Suggestions on how to track down the problem further and get rid of it are most welcome.

    Tim

  3. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,381
    Thanks
    1
    Thanked 595 Times in 532 Posts
    You may have a rootkit. Have a look at RootkitRevealer v1.71, How to detect and remove unknown rootkits, & Sophos - Remove rootkits with our free Virus Removal Tool.

    You should also check to ensure that only the minimal firewall ports required are open.

    Joe

  4. #3
    New Lounger
    Join Date
    Jun 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Do you have the disks to re-install everything? Back up the database and re-install everything.

  5. #4
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,517
    Thanks
    7
    Thanked 220 Times in 208 Posts
    +1 for complete re-install. This is a server and it must be right or your data is toast.

    You also need to find out who was silly enough to run infected software on a server and hit them over the head until they stop. ;-))

    cheers, Paul
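
For tracking the recurring accounts described in the first post, an added example (not written by anyone in this thread): it parses `net user` output and reports accounts missing from a known-good list, marking names that imitate a listed account the way "administror" does. The server name, the baseline list, the other account names and the 25-character column layout are assumptions of the example.

```python
import difflib

def _row(*names):
    """Lay names out in the 25-character columns that `net user` prints."""
    return "".join(n.ljust(25) for n in names).rstrip()

# Constructed sample of `net user` output. Only "china" and "administror"
# come from the thread; the server and other account names are made up.
SAMPLE = "\n".join([
    "", r"User accounts for \\SERVER", "", "-" * 79,
    _row("Administrator", "administror", "china"),
    _row("Guest", "SQLDebugger", "tim"),
    "The command completed successfully.", "",
])

# Hypothetical known-good list kept by the administrator.
BASELINE = {"Administrator", "Guest", "SQLDebugger", "tim"}

def parse_net_user(text):
    """Return the account names listed below the dashed separator line."""
    names, in_table = [], False
    for line in text.splitlines():
        if line.startswith("---"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        # Slice fixed-width columns so names containing spaces stay intact.
        for col in range(0, len(line), 25):
            name = line[col:col + 25].strip()
            if name:
                names.append(name)
    return names

def audit(names, baseline, threshold=0.8):
    """List accounts outside the baseline, noting near-copies of a baseline name."""
    known = {b.lower(): b for b in baseline}  # Windows account names ignore case
    findings = []
    for name in names:
        if name.lower() in known:
            continue
        close = difflib.get_close_matches(name.lower(), list(known), n=1, cutoff=threshold)
        findings.append((name, "lookalike of " + known[close[0]] if close else "not in baseline"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(parse_net_user(SAMPLE), BASELINE):
        print(f"{name}: {reason}")
```

A rootkit can hide accounts from `net user`, so an empty report from the infected server itself does not show that it is clean.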
