Author Topic: Avast server version 4.7 really works?  (Read 3389 times)

0 Members and 1 Guest are viewing this topic.

vbird2k

  • Guest
Avast server version 4.7 really works?
« on: November 13, 2008, 06:11:35 PM »
Hello, friends,

Our website was hacked a few weeks ago. Hacker deleted our files and created two accounts: gg and scrilla. These two accounts can not be seen through Local Users and Groups in Computer Manager, but can be found under C:\Documents and Settings

We could see the modified date of ntuser.dat.LOG file under \gg and \scrilla directory changed every one or two days, indicating hackers accessed our web server from time to time. I guessed that they did so through Trojan virus.
 
So, I downloaded avast server version 4.7 for our Windows Server 2003, hoping it will protect our web site from hacking.

avast did find Trojan virus and deleted all of them.

I thought the modified date of ntuser.dat.LOG file would stop changing. However, I was wrong: The modified date of ntuser.dat.LOG file keeps changing, meaning that hackers can still by-pass avast, am I right?

We planned to pay if avast turned out to be good in 60 days trial period. However, this made us very frustrated.

Any ideas, suggestions? Thanks a lot for your help.

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Avast server version 4.7 really works?
« Reply #1 on: December 08, 2008, 08:50:35 PM »
It is possible that avast found the original programs that caused the problem, but now there are rootkits installed on your system that avast has yet to find.

Try using something like http://www.malwarebytes.org/ and http://onecare.live.com/site/en-us/default.htm
and do searches on your system.

However, once a rootkit gets installed on your system, it may or may not ever be able to be completely cleaned.  Sometimes it's better to completely re-install.  I understand that it's a server, and that is probably the last thing you want to hear, but you have to understand that if you are running a server, and it has access to the internet, it should have had anti-virus installed in the first place.  I know that these things get expensive, but think of how much you may have to spend to fix the problem, when it could have been prevented in the first place!

Anyway, do the scans with the malware cleaners and see if anything pops up.  If you can get it cleaned up, avast should be able to protect you from then on.

Good luck!
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum