  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Central Illinois
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Windows Server 2003 login unavailable

    We have an older Windows 2003 server that runs SQL Server 2000. Recently AVG detected a virus, and between AVG and Malwarebytes quite a few files were detected, quarantined, and deleted.

    These programs are no longer detecting new threats, but periodically, once a day or so, remote desktop gets disabled and we cannot get the console login screen to display. A power down and restart gets the login screen back. Afterwards, a user account named "china" and occasionally one called "administror" have been created, and the firewall ports for remote desktop and SQL Server access have been disabled. A fresh scan typically finds no threats. I manually delete the two bogus accounts and things appear to be fine, although obviously they are not.

    The OS has all the service packs and updates that are available. I realize Server 2003 is past end-of-life. Is it just not viable any longer since it doesn't get updates?

    Suggestions on how to track down the problem further and get rid of it are most welcome.

    Tim

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,656
    Thanks
    2
    Thanked 635 Times in 568 Posts
    You may have a rootkit. Have a look at "RootkitRevealer v1.71", "How to detect and remove unknown rootkits", and "Sophos - Remove rootkits with our free Virus Removal Tool".

    You should also check to ensure that only the minimal firewall ports required are open.

    Joe

  3. #3
    New Lounger
    Join Date
    Jun 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Do you have the disks to re-install everything? Back up the database and re-install everything.

  4. #4
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,846
    Thanks
    7
    Thanked 253 Times in 238 Posts
    +1 for complete re-install. This is a server and it must be right or your data is toast.

    You also need to find out who was silly enough to run infected software on a server and hit them over the head until they stop. ;-))

    cheers, Paul
