PART TWO of post
=====================================
I’m using my server (Win2000 server SP2) as a web server
Win 2000 IIS
I use remote backup to a company iBackup to make backups
I use VNC to remotely manage the machine myself
I use WS_FTP for uploading/downloading files
SQL database is running
Visitors to the website are allowed to use a form to upload suggested website details for me to add
see example form at the bottom of the page
http://www.shambles.net/pages/learning/infolit/startpage/#addalink
The server is dedicated & is in a datahosting centre
Other strange anomalies I’ve noticed
When I restart the machine … the prompt window has “log off administrator” rather than “Restart Machine” … which it has always been at when restarting (remotely) for the last 3 years … I’m 1,000 miles away from the server physically.
Also noticed twice that when I’ve recently shutdown the machine remotely (with RESTART) it has prompted me to say that there is another user online … I’ve never seen that before … but it did get the adrenalin flowing. (still is)
Today when I connected I found that although AVAST server was installed all the modules have been switched off !!! … in fact I only use the standard one anyway
===================================================
I’ve just switched it back on and am now doing another “Thorough Scan”
including archived files
Virus Database 0611-0, 03/14/06
RESULTS ARE (viruses found)
File Name: C:\WINNT\system32\os2\com\con\prn\iosys\site\0day_0730\Active.WebCam.v5.0.Cracked.WinAll-CPHV\cphv1acw.zip\Active.WebCam.v5.0.Cracked.WinAll-CPHV.part1.rar\crack\WebCam.EXE[ASPack]
Malware Name: Win32:Crypto
Malware Type: Virus/Worm
VPS version: 0611-0, 03/14/2006
Action … DELETED Permanently (except final results say ERROR … cannot delete)
=====================
File Name: C:\WUTemp\Tool\ser.exe
Malware Name: Win32:Trojan-gen. {Other}
Malware Type: Virus/Worm
VPS version: 0611-0, 03/14/2006
Action … DELETED Permanently … seemed successful
====================
FINAL RESULTS OF SCAN
(Drat I cannot seem to ‘right click’ to copy & paste)
Quite a number of files are shown as ‘cannot scan’
SO copied using Screen Shots
see
http://www.shambles.net/avast/screen1.jpg
and
http://www.shambles.net/avast/screen2.jpg
======================
I’ve just read about
Win32.Crypto
at
http://www.avp.ch/AVPVE/newexe/win32/crypto.stm
and it sounds all doom and gloom ;-(
but does not tell me how to get rid of it … or repair what it has done.
=======================
MORE INFO
When I look in the folder
C:\WINNT\system32\os2
(a)
I find a file oso001.009
with properties
type of file: “009 FILE”
size 105KB
(b)
I find a folder named “dll”
and inside are two files
“doscalls.dll”
type of file: application extension
size 12,646 bytes
and
“netapi.dll”
type of file: application extension
size 247,860 bytes
====================================
Finally
In the TASK Manager
Applications running are
see
http://www.shambles.net/avast/screen3.jpg
Processes are
see
http://www.shambles.net/avast/screen4.jpg
and
http://www.shambles.net/avast/screen5.jpg
=====================================
Sorry this is rather long … but trying to consider all the information that might help you help me with what to do.
Thanks
Desperately fighting panic ;-(
Chris
Actually I do like your prompt when AVAST finds something wrong … “No Need to Panic” 