This topic is locked, you cannot edit posts or make further replies. [ 17 posts ]

Post subject: BetaArchive Backup Server Offline
Posted: Sun Feb 22, 2009 1:06 pm
Administrator | Joined: Fri Aug 18, 2006 11:47 am | Posts: 12473 | Location: Merseyside, United Kingdom | Favourite OS: Microsoft Windows 7 Ultimate x64

Hello all,

Around 0:30am last night the BA backup server stopped responding, and although attempts to reboot were carried out the server did not come back online. Since it was late, I didn't bother pursuing it until this morning.

Even this morning the server remained unresponsive so I went to check why. Upon turning the screen on there was simply a blank screen. Despite several resets it never made it to the boot screen. Safe mode did work, but this is useless as none of the server components could load.

Despite several attempts to get it back online, including hardware checks and error log checking, I have decided to simply reinstall the operating system. This is a slow task and will likely take me at least a few hours. No data has been lost, however, so don't worry. (That's a relief to me as well, since downloading 700GB of betas again would be very annoying).

The server should be coming back online within the next 20-30 minutes, but won't be fully restored until at least 2 hours from now.

It should be noted that no backups have been performed in the last 12 hours, and likely won't be running until at least 3pm GMT.

Andy (Admin)

_________________
Image

BetaArchive Discord: https://discord.gg/epK3r6A


Post subject: Re: BetaArchive Backup Server Offline
Posted: Sun Feb 22, 2009 1:44 pm
Administrator

It would seem that somehow the server was affected by a very mild virus called "dl.exe". It would randomly appear when the backup software was run, which it was somehow attached to. It planted itself in system32, system restore and the program files of the backup software. All I had to do was disable system restore, and delete all instances of dl.exe from the system. It seems fine now and I'm working to restore the software.

EDIT: OK looks like this virus is smarter than I thought. It keeps randomly re-appearing. I'm installing AVG now to see if that can get rid of it.

Post subject: Re: BetaArchive Backup Server Offline
Posted: Sun Feb 22, 2009 2:05 pm
Donator | Joined: Sat May 12, 2007 1:05 pm | Posts: 5271 | Location: The Collection Book | Favourite OS: Windows & Phone

I hope you get rid of the virus.
They can be nasty.

Maybe off-topic:
A classmate of mine also had a virus like this, and after deletion with McAfee it would scan the next drive and delete it there; meanwhile it would copy itself back to the drive and it all started over again. I think it is still busy after 2 months.

_________________
http://www.thecollectionbook.info

Reading Mode only, PM's possible.

Post subject: Re: BetaArchive Backup Server Offline
Posted: Sun Feb 22, 2009 3:02 pm
Administrator

AVG reported the virus as Win32/Gaelicum.A.

This virus replicates itself throughout all executable files on the system. It also interacts with the 16-bit subsystem and causes random errors. "dl.exe" is a part of the virus as well and is replicated throughout the drive and registry.

I'm on my 2nd reinstall of Windows now, and this time I found a link: http://www.avg.com/us.virus-removal.ndi-93721 which has two executable files you can run to clean the system up. Let's hope I last long enough to be able to get that done before it strikes again.

Post subject: Re: BetaArchive Backup Server Offline
Posted: Sun Feb 22, 2009 3:23 pm
Administrator

I've managed to get Windows back on now and it's scanning all of the drives for the virus. I also got AVG running full time too, so if it tries to run, AVG should stop it.

Post subject: Re: BetaArchive Backup Server Offline
Posted: Sun Feb 22, 2009 9:48 pm

That's good to hear that you should have it under control...

This might be a little off topic, but when I get a virus on my computer and it doesn't want to get off there (constantly re-copying to the drive) I boot up a Linux distro that I've installed AVG Linux free on (I used Reconstructor to put my own Ubuntu system together) and will run the antivirus that way. This helps because then the main OS never loads, so the files it usually can't scan the antivirus will scan, due to the fact it's not in use.

Nick


Post subject: Re: BetaArchive Backup Server Offline
Posted: Sun Feb 22, 2009 11:54 pm
Donator | Joined: Wed Aug 27, 2008 12:52 am | Posts: 890 | Location: United States | Favourite OS: Windows Server 2008 Standard

I heard ComboFix is a great AV tool, I think it's programmed in VB but it helped me remove a trojan when other methods didn't work.

Post subject: Re: BetaArchive Backup Server Offline
Posted: Sun Feb 22, 2009 11:55 pm
Administrator

Got it sorted. AVG found all of the infected files and fixed them. I'm slowly getting everything back online.

Post subject: Re: BetaArchive Backup Server Offline
Posted: Mon Feb 23, 2009 5:10 am
FTP Access | Joined: Fri Mar 28, 2008 11:34 am | Posts: 913

Ahh, it's nice to hear you finally got rid of it.

My worst virus was Trojan.WinREG.Zapchast.
At the time, I was one of the first infections (I know this because there were only 2 hits on Google!), so I had to format :(


Post subject: Re: BetaArchive Backup Server Offline
Posted: Mon Feb 23, 2009 8:39 am
Donator | Joined: Sat Feb 24, 2007 4:14 pm | Posts: 6612 | Location: United Kingdom | Favourite OS: Server 2012 R2

Thought I recognised this virus, I had it a long time ago on the Family PC under the alternative name of Win32/Tenga.A

Quite a nasty-quick spreader, thankfully Avast dealt with it for me :)

_________________
BuildFeed - the ultimate collaborative NT build list - Windows Longhorn - a look at a defining Microsoft project


Post subject: Re: BetaArchive Backup Server Offline
Posted: Mon Feb 23, 2009 8:45 am
FTP Access | Joined: Thu Oct 12, 2006 1:47 am | Posts: 557 | Location: Lismore, NSW, Australia | Favourite OS: Whistler

Well at least now you know next time to apply patches that are over 6 years old.

_________________
Slavic Wog to the Core!

My Mark; Shall you RIP. 15/06/1960 - 11/04/2014


Post subject: Re: BetaArchive Backup Server Offline
Posted: Mon Feb 23, 2009 8:53 am
Donator

Alexsis wrote:
Well at least now you know next time to apply patches that are over 6 years old.


While it can spread using that flaw, it's not its sole method of spreading. It appends itself to EXE files all over the hard drive, so that when they run it reintroduces the files into the system. It also means if you download an infected EXE, you can get the virus that way.

Post subject: Re: BetaArchive Backup Server Offline
Posted: Mon Feb 23, 2009 8:57 am
FTP Access

I didn't mention that because I thought anyone running a backup server wouldn't be randomly downloading files onto a server and launching them, unless some of the software installed on the server is warez, or you're not scanning files prior to transferring them over to a backup server...and if that was the case, then what was Patient X?

I remember this worm from when it first spread; it infected every system (happened with Blaster too...) at the college I was working at. Thankfully I was just a DV-Studies Tech, not an IT Tech.

Post subject: Re: BetaArchive Backup Server Offline
Posted: Mon Feb 23, 2009 1:00 pm
Donator | Joined: Fri Aug 18, 2006 12:05 pm | Posts: 698 | Location: Or-stray-liagh

Well, a good lesson here, always make sure your antivirus software is up to date. What's that, you don't run antivirus on your server? Well, you deserve a virus then. :P

_________________
pr0gram the pr0grammer
BetaArchive retiree | OSBA Expat


Post subject: Re: BetaArchive Backup Server Offline
Posted: Mon Feb 23, 2009 1:01 pm
Administrator

pr0gram the pr0grammer wrote:
Well, a good lesson here, always make sure your antivirus software is up to date. What's that, you don't run antivirus on your server? Well, you deserve a virus then. :P


Normally I didn't because in 4 years of running a server at home I've not had a virus on it, but there is a first time for everything. Now I'm running AVG Pro on both my server and laptop.

Post subject: Re: BetaArchive Backup Server Offline
Posted: Mon Feb 23, 2009 10:08 pm
Donator | Joined: Fri Oct 26, 2007 5:12 pm | Posts: 2461

Andy wrote:
pr0gram the pr0grammer wrote:
Well, a good lesson here, always make sure your antivirus software is up to date. What's that, you don't run antivirus on your server? Well, you deserve a virus then. :P


Normally I didn't because in 4 years of running a server at home I've not had a virus on it, but there is a first time for everything. Now I'm running AVG Pro on both my server and laptop.


That's just asking for trouble 8-)


Post subject: Re: BetaArchive Backup Server Offline
Posted: Mon Mar 02, 2009 7:11 pm
FTP Access | Joined: Tue Oct 23, 2007 11:21 pm | Posts: 595

hounsell wrote:
Thought I recognised this virus, I had it a long time ago on the Family PC under the alternative name of Win32/Tenga.A

Quite a nasty-quick spreader, thankfully Avast dealt with it for me :)


I also got Tenga.A as six-character random file names in all of my shared folders. The EXE had the Windows XP folder icon.
Also "Win32:Wuke-B" (GameSetup.exe, 8-bit InstallShield icon) got contracted on the same folders.

Did I forget to check "Read-only" on my shared folders?

Luckily the "damage" went no longer than here -- I have C$ and ADMIN$ turned off thanks to TuneUp Utilities.

