help please

  • Thread starter Thread starter mike leahy
  • Start date Start date
M

mike leahy

hi , i am running win 2k small business server with sp 3.
my hard disk is constantly losing space, i free up space
only to find 1.5 gb eaten up at night time. my broadband
company have informed me that there is high network
activity going out of my network, i need to find out how
to stop this space being eaten up every night,,,,, is it
a hacker. my virus scan is up to date and its not that..
 
Hi Mike,

Do you have a firewall. If so have you checked the logs for any unusual
activity. When you say you're hard drive space is eaten up what is is being
eaten up with. What directories are effected?

If internet connectivity is not critical overnight you could disconnect you
broadband connection for one night and see is your hard drive space
effected.
 
paul

yes i am going to disconnect it tonight and run some
spybot today to see for spyware. could spyware eat up
that much space
 
Hi Mike,

I would doubt very much if this is related to adware/spyware. I would be
inclined to think it is some sort of attack from the internet if you have no
firewall in place.

If you don't you could try some of the personal firewalls (such as ZoneAlarm
Pro) If your server is the only connected device this might be an option.
Zonealarm can easily be programmed to allow outgoing traffic from your
network but block incoming traffic.

HTH

Paul
 
we have a 3com firewall in place with only the proper
ports in place, the bad mail directory is 2.5gb in
space.there is 700m ram in the system. and store.exe is
hogging loads of power. what can i do without adding more
memory
 
we have a 3com firewall in place with only the proper
ports in place, the bad mail directory is 2.5gb in
space.there is 700m ram in the system. and store.exe is
hogging loads of power. what can i do without adding more
memory
 
If you did a virus scan and found nothing and still experience to problem you need to
get at least a second opinion with another virus scan program and also a program that
is more geared to find trojans. The first two links below are for the free Trend
Micro Sysclean scan and removal tool and pattern file that will scan for many common
infections. Download and upzip both into the same folder and run from there.

http://www.trendmicro.com/download/dcs.asp
http://www.trendmicro.com/download/pattern.asp
http://tds.diamondcs.com.au/index.php?page=download -- free download for trojans.
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx -- Microsoft
Antivirus Defense Guide'

There are several free tools from SysInternals that you can use to try and track down
what is going on. In particular TCPView, Process Explorer, Autoruns, and filemon.
TCPView will show what ports your computer is using and the related process. In the
process properties you can find the executable and path to it. Process Explorer gives
much more detailed info on processes. Autoruns displays startup programs on your
computer and filemon lets you monitor file access. See the link below on where to get
these tools and more info on them.

http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Review the two links below. The first is Microsoft guidance on small business
security to help prevent this from happening again and the second is for why you
should consider rebuilding your server if it is found to be compromised. -- Steve

http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx
http://www.microsoft.com/technet/community/columns/secmgmt/default.mspx
 
Back
Top