Archived from groups: microsoft.public.win2000.security (
More info?)
TRY A MULTIPLE ATTACK, INCLUDE RUNNING SPYBOT SEARCH AND DESTROY AND
BAZOOKA AFTER THE MS APP AND ADAWARE.
ALSO, SET THEM ALL TO RUN NIGHTLY.
On Fri, 4 Mar 2005 14:03:10 -0600, "Steven L Umbach"
<n9rou@nospam-comcast.net> wrote:
>Try running another program such as AdAware SE and also be sure to scan for
>malware using your antivirus program making sure that are using the most
>current definitions. It is very difficult to determine which processes are
>legit or not depending on what you have installed on your computer. The best
>thing to do is to compare to like known server that you know is not infected
>with anything. Alertserver, bengine, benser, beserver, kern32, nsvr could be
>suspect. Dameware can be a legitimate program if you installed it or it can
>be used for back door control. Try using Process Explorer from SysInternals
>as it will list publishers associated with an executable and tell you if the
>file is signed or not. If the file is signed it most likely is a legitimate
>file. Not being signed does not mean it is malware however. The publisher
>names may help you determine if these processes are legitimate or not as
>would a search of Google for the name of the file which could help identify
>it as a operating system or application file or known to be related to a
>malware or spyware. If a Google search does not turn up any info the file
>may be malware/spyware that has not been identified or changes it's name at
>random.
>
>
>FYI it is not a good idea to surf the internet on a server or use it to get
>email. That should be done on a workstation while you are logged on as a non
>administrator. You are also running IIS web server on your Windows 2000
>Server. If you are not using it as a web server of any sort, including for
>SUS or Certificate Services, you should disable the WWW service and any
>related services such as SMTP and FTP. If you are using it as a web server
>be sure to use the IIS Lockdowntool/USLscan on your server. It would also be
>a good idea to run the Microsoft Baseline Security Analyzer on your server
>to check for basic vulnerabilities. --- Steve
>
>http://www.sysinternals.com/ntw2k/freeware/procexp.shtml -- Process
>Explorer.
>http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA.
>
>
>"windows 2000 Spyware problem" <windows 2000 Spyware
>problem@discussions.microsoft.com> wrote in message
>news:651C35F6-13C6-4641-834E-D81A34B5A237@microsoft.com...
>> dear sir or madam:
>> I have a windows 2000 server. It was infected by spywares. I tried to
>> use
>> Microsoft Antispyware to clean the spywares. But it is not complete.It is
>> much better than before. But it still have some pop-ups appear everyday.I
>> think it may somethings in the memory. I used Microsoft Antispyware to
>> check
>> the running processes.Below address is the diagram of the check result.
>>
>>
http://kunchen.50megs.com/problem.htm
>>
>> I am not sure what are the regular the processes and what are the
>> supicious
>> spywares processes. Can you help me figure out? Thank you so much.!
>