I know I patched this server but I am not taking any more chances.
Hello Folks -
It appears one of my servers got the backdoor worm - I can scan it sometimes and it shows clean and other times a memory scan shows an infection. There is no root.exe file anywhere on the server so I am not totally convinced but I prefer not to take chances.
I have disabled the www service for now and am backing up my data. I am wondering if there is a way to recover my SAM database without running a risk of re-infection? I can recreate it but it would add hours to this and I would prefer not to. Since I do not know when the infection took place I am not sure of a reliable pre-infection backup so I am not even going to attempt that route.
Would an ERD made today have the SAM? Should I trust it if it does?
The server is a P111 with 2 gigs of ram Win2k SP2 Sql 7 IIS 5 - web server - no standalone - no domain.
TIA
Jim
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm