
Trojans, Rootkits and sleepless nights – Part 1
What a few weeks it has been! Orbits have been their busiest ever, with more virus outbreaks than I can remember. I have been pulling all-nighters to clean servers, desktops and laptops infected with particularly virulent strains. This has happened at the same time as many clients are seeing a huge influx of spam. Coincidence? We think not.
The first major issue arose with a client's SBS 2003 server. It was fully patched, protected by Symantec Endpoint Protection with up-to-date definitions, and regularly scanned for malware. One morning Symantec reported a couple of trojans detected in the IE cache, and had apparently cleared them out. As always with a virus infection, don't just assume it's clean because one piece of software said it had sorted it. We ran Malwarebytes Anti-Malware and SUPERAntiSpyware, which detected further trojans and attempted to clear them out. All seemed well until we rebooted after some Windows Updates and got the dreaded BSOD (Blue Screen of Death) on startup, reporting all manner of problems from disk controller errors to IRQ failures. Further scans reported nothing suspicious, so a repair of the registry hives (from the copies in C:\Windows\Repair) was the next step. The system came back up but was far from stable, and the next time Symantec updated its definitions a whole host of malware was found. This suggested to me that something new was out there and on this server. A clean scan on a machine that is still crashing is no reassurance: malware that hooks the kernel can hide from scanners running on the infected system, and only a newer signature, or an offline scan, will show it.
That's no good for a live server, so the decision was made to reimage the machine from a backup taken before the infection (Acronis saves the day again, what a tool). A quick blast of the image onto the machine, followed by restoring the Exchange databases, AD, file data and Sage, gave the client a machine that was up to date and virus free, and it has been running without issue for the last few days. Closely monitored by us, because data restored from after the infection date can carry the dropper back with it.
If the client hadn't had a backup and we hadn't been working overnight on it, this live server would have been down for a few days and their staff would have been pretty much idle.
Check your AV, check your backups and be alert. Don’t just open those Christmas e-cards!