SBS2003 Not Authenticating Users/Other Computers - Possible DNS Pr

Hi,

We had our server running very slow and acting funny recently, and for 2
days users were sometimes not able to authenticate with the server (SBS2003,
with latest Service Packs)

We then found out that we were infected with Conficker, and even though we
run a hardware firewall (Fortinet box) as well as AV, it still managed to get
through.

(Fortinet tech support is reporting being overwhelmed and hasn't replied to
online support for days now - I wonder why!)

We then attempted disinfection with 2 different tools:

1. Bitware network version, which was able to disinfect workstations, but
could not take ownership of some .tmp files.

2. Enigma Software's tool, which originally got one on the server removed,
but there was another reported in SBCore, which it could not remove.

I then uninstalled TrendMicro's AV, and installed Avira's Small Business AV,
which scanned the whole primary drive and found nothing.

However, on the on-access reporting, it still reports an "EICAR_TEST_FILE"
being reported, which was how we detected the Conficker virus initially.

Before noting that we were infected (all scans were okay, with Malwarebytes,
ASquared, others), I decided to change the DNS settings and WINS as well.

However, I have now reverted back to the original DNS IP of the server for
the single LAN connection (our firewall is the gateway and DHCP server), and
still none of our workstations is able to connect or log onto the Domain.

Possibly AD is affected somehow?

All services appear to be working okay, and nothing is being reported in the
Event Log.

Can anyone advise what further steps I can take on this SBS box and should I
simply reinstall and migrate the Exchange store to the new HD?

Thanks in advance!

Hello SuperFlyBoy,

As this belongs to the SBS version, please use one of the newsgroups/forums
listed here:
www.sbs2008.com

There are the SBS experts.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi,
>
> We had our server running very slow and acting funny recently, and for
> 2 days users were sometimes not able to authenticate with the server
> (SBS2003, with latest Service Packs)
>
> We then found out that we were infected with Conficker, and even
> though we run a hardware firewall (Fortinet box) as well as AV, it
> still managed to get through.
>
> (Fortinet tech support is reporting being overwhelmed and hasn't
> replied to online support for days now - I wonder why!)
>
> We then attempted disinfection with 2 different tools:
>
> 1. Bitware network version, which was able to disinfect workstations,
> but could not take ownership of some .tmp files.
>
> 2. Enigma Software's tool, which originally got one on the server
> removed, but there was another reported in SBCore, which it could not
> remove.
>
> I then uninstalled TrendMicro's AV, and installed Avira's Small
> Business AV, which scanned the whole primary drive and found nothing.
>
> However, on the on-access reporting, it still reports an
> "EICAR_TEST_FILE" being reported, which was how we detected the
> Conficker virus initially.
>
> Before noting that we were infected (all scans were okay, with
> Malwarebytes, ASquared, others), I decided to change the DNS settings
> and WINS as well.
>
> However, I have now reverted back to the original DNS IP of the server
> for the single LAN connection (our firewall is the gateway and DHCP
> server), and still none of our workstations is able to connect or log
> onto the Domain.
>
> Possibly AD is affected somehow?
>
> All services appear to be working okay, and nothing is being reported
> in the Event Log.
>
> Can anyone advise what further steps I can take on this SBS box and
> should I simply reinstall and migrate the Exchange store to the new
> HD?
>
> Thanks in advance!
>