I am a IT guy for an accounting firm in south Africa AND I NEED YOUR HELP!
Our windows 03 server has been infected with some type of virus/spamware. when the server is connected to the network, no staff pc's can browse the internet, the server is not able to browse if it is the only pc on the network.
upon closer investigation (-netstat) i have found that the server sends syn_sent to random IP addresses every 5 seconds or so starting from port 1026, it seems to be using all our open ports, our firm usually uses 12GB per month, this virus has upped our usage to 32GB overnight(it all started about 24 hours ago so its done 20GB since then)
I have AVG network edition and ad-aware (free - just installed it) installed on the server, I am currently @ home with the servers hard drive running a eset smart security scan on the server drive. I have not picked anything up yet. is it possible the virus is remote? at a loss here guys.
Edited by jprheeder, 29 June 2010 - 10:28 AM.