Spyware problem

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

dear sir or madam:
I have a windows 2000 server. It was infected by spywares. I tried to use
Microsoft Antispyware to clean the spywares. But it is not complete.It is
much better than before. But it still have some pop-ups appear everyday.I
think it may somethings in the memory. I used Microsoft Antispyware to check
the running processes.Below address is the diagram of the check result.

http://kunchen.50megs.com/problem.htm

I am not sure what are the regular the processes and what are the supicious
spywares processes. Can you help me figure out? Thank you so much.!
 
Try running another program such as AdAware SE and also be sure to scan for
malware using your antivirus program making sure that are using the most
current definitions. It is very difficult to determine which processes are
legit or not depending on what you have installed on your computer. The best
thing to do is to compare to like known server that you know is not infected
with anything. Alertserver, bengine, benser, beserver, kern32, nsvr could be
suspect. Dameware can be a legitimate program if you installed it or it can
be used for back door control. Try using Process Explorer from SysInternals
as it will list publishers associated with an executable and tell you if the
file is signed or not. If the file is signed it most likely is a legitimate
file. Not being signed does not mean it is malware however. The publisher
names may help you determine if these processes are legitimate or not as
would a search of Google for the name of the file which could help identify
it as a operating system or application file or known to be related to a
malware or spyware. If a Google search does not turn up any info the file
may be malware/spyware that has not been identified or changes it's name at
random.


FYI it is not a good idea to surf the internet on a server or use it to get
email. That should be done on a workstation while you are logged on as a non
administrator. You are also running IIS web server on your Windows 2000
Server. If you are not using it as a web server of any sort, including for
SUS or Certificate Services, you should disable the WWW service and any
related services such as SMTP and FTP. If you are using it as a web server
be sure to use the IIS Lockdowntool/USLscan on your server. It would also be
a good idea to run the Microsoft Baseline Security Analyzer on your server
to check for basic vulnerabilities. --- Steve

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml -- Process
Explorer.
http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA.


"windows 2000 Spyware problem" <windows 2000 Spyware
(e-mail address removed)> wrote in message
 
TRY A MULTIPLE ATTACK, INCLUDE RUNNING SPYBOT SEARCH AND DESTROY AND
BAZOOKA AFTER THE MS APP AND ADAWARE.

ALSO, SET THEM ALL TO RUN NIGHTLY.
 
Back
Top