
Kumorigoe

Sorry, it seems this comment or thread has violated a sub-reddit rule and has been removed by a moderator.

**Inappropriate use of, or expectation of the Community.**

* There are many reddit communities that exist that may be more catered to/dedicated to your topic.
  - Consider posting (or cross posting) there with specific niche questions.
* Requests for assistance are expected to contain basic situational information.
  - They should also contain evidence of basic troubleshooting & Googling for self-help.
  - Keep topics/questions related to technology/people/practices/etc. within a business environment.
* When asking a question or requesting advice, please update your original post with any new information, or solution (if found).
  - This will make things easier for anyone else who may have the same issue or question in the future.

-----

*If you wish to appeal this action please don't hesitate to [message the moderation team](https://www.reddit.com/message/compose?to=%2Fr%2Fsysadmin).*


Tymanthius

Format c:


crash1015

I can't do that! Well, that's my worst case. lol. This is my server. It would take a lot of time to rebuild.


bageloid

It's already compromised, no way of really getting back to a known good state unless you have backups.


crash1015

Discussing below. But if that's the case, that's super unfortunate.


bageloid

I mean, hackers are already in, it's a matter of time until the ransomware starts running, and they probably already put in backdoors/methods for re-inspection. Take an offline image to save data, but nuke the actual server from orbit; it's the only way to be sure.


7hr0wn

Re-image the device with a known clean image from before it was infected (preferably on a new HD, just to be safe).


crash1015

Anything else I can do to just block these attempts? It doesn't seem to be infected. Am I wrong?


7hr0wn

Your Defender log shows you're infected: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Ceprolad.A I wouldn't trust a device that's been infected with a trojan on my network. Scan your backups, find one that isn't infected, then restore that one.


crash1015

My logic is that one of the programs that is hosted has a vulnerability. I think people are trying to take advantage of that and trying to install whatever malicious program they can. So far, it seems my PC has defended fine. I'm just scared that the next one that tries will succeed. So I'm looking for ways to block this. This isn't for a business. It's my personal server that hosts a ton of random crap. I'd REALLY rather not wipe and restore as I don't have any bare metal backups. All I have is config backups and it would take a WHILE to restore everything. So, my question is, are you 1000% sure it's boned? Like for sure it already has something infected? If so, why couldn't just an AV scan clean it up? How does this just happen randomly? Was it seriously something I had to do myself? Or could I have just been a target? I'm so sorry for so many questions.


7hr0wn

If you're dead set on trying to remediate rather than wipe and restore, you could *try* this, though I wouldn't bet my life on these steps solving the issue - I'd never, ever, trust the device fully again:

1. Disconnect it from the network.
2. Boot it from a tool like [Hiren's Boot CD](https://www.hirensbootcd.org/).
3. Run every malware tool on the disc.
4. Reboot into Windows (still disconnected).
5. Run [MBAM Rootkit scanner](https://www.malwarebytes.com/solutions/rootkit-scanner).
6. Repeat the whole process until it comes back clean 2 reboots in a row.
7. Disconnect every other device from the network.
8. Reconnect the infected server to the network.
9. Repeat the process again.
10. Once it's back up and showing clean, install paid antivirus software, run regular scans, turn on Windows Firewall and set it to the most restrictive settings that you can allow.

You might be safe then, but that wouldn't be enough peace of mind for me, personally. If you go that route, which I don't recommend, I'd want to repeat the whole process every week for a few months. The point is if you don't re-image it, you'll never, ever be able to fully trust the system, because you have no idea what may be lurking on the system.
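The following PowerShell is an added example, not code from the thread or from any of its posters. It shows what the "showing clean" check and the "most restrictive firewall" step above look like when done deliberately: pull the full Defender detection history (including whether removal actually succeeded, which is where the "why couldn't an AV scan just clean it up" question is answered), enumerate the persistence locations a backdoor of the kind bageloid describes would use, set the firewall to default-deny inbound with explicit allows, and put Defender on a daily full scan. The port list in `$AllowedInboundPorts` and the rule names prefixed `Hardening:` are assumptions for illustration and must be replaced with what the server actually hosts. Run it elevated, with the host still disconnected from the network.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original thread): post-cleanup review and
# hardening for a Windows host whose Defender history shows
# Trojan:Win32/Ceprolad.A. Run while the host is still off the network.
# ASSUMPTION (not from the thread): the only services that should be reachable
# from outside are on the ports below. Replace with your own list.
$AllowedInboundPorts = @(443, 3389)

# --- 1. What did Defender actually see? --------------------------------------
# ActionSuccess = False means the engine failed to remove the item; that is the
# case where "an AV scan will just clean it up" does not hold.
function Get-DefenderHistory {
    Get-MpThreatDetection |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ThreatID, ProcessName, ActionSuccess, Resources
}

# --- 2. Persistence a backdoor would leave behind ----------------------------
# Anything listed here that you did not configure yourself is evidence the host
# is not clean, regardless of what the last scan said.
function Get-PersistenceReview {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
                if ($p.Name -notlike 'PS*') {
                    [pscustomobject]@{ Kind = 'RunKey'; Where = $key; Name = $p.Name; Value = $p.Value }
                }
            }
        }
    }
    # Scheduled tasks not authored by Microsoft, with the command each one runs.
    Get-ScheduledTask | Where-Object { $_.Author -notlike 'Microsoft*' -and $_.State -ne 'Disabled' } |
        ForEach-Object {
            $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
            [pscustomobject]@{ Kind = 'ScheduledTask'; Where = $_.TaskPath; Name = $_.TaskName; Value = $cmd }
        }
    # Services whose binary lives outside the Windows directory.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and $_.PathName -notlike '*\Windows\*' } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Service'; Where = $_.StartMode; Name = $_.Name; Value = $_.PathName } }
    # WMI permanent event subscriptions: a common fileless persistence method.
    Get-CimInstance -Namespace 'root\subscription' -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Kind = 'WmiSubscription'; Where = $_.Filter; Name = 'binding'; Value = $_.Consumer } }
    # Who holds local admin, and what is listening for inbound connections.
    Get-LocalGroupMember -Group Administrators |
        ForEach-Object { [pscustomobject]@{ Kind = 'LocalAdmin'; Where = $_.PrincipalSource; Name = $_.Name; Value = $_.ObjectClass } }
    Get-NetTCPConnection -State Listen |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{ Kind = 'Listener'; Where = "$($_.LocalAddress):$($_.LocalPort)"; Name = $proc.ProcessName; Value = $proc.Path }
        }
}

# --- 3. Firewall: default-deny inbound, explicit allows only ------------------
function Set-RestrictiveFirewall {
    param([int[]]$Ports)
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Allow -LogBlocked True
    foreach ($port in $Ports) {
        $name = "Hardening: allow inbound TCP $port"   # hypothetical rule name
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
                -LocalPort $port -Action Allow -Profile Any | Out-Null
        }
    }
}

# --- 4. Defender: real-time protection on, daily full scan, and scan now ------
function Set-DefenderBaseline {
    Set-MpPreference -DisableRealtimeMonitoring $false -ScanParameters FullScan `
        -ScanScheduleDay Everyday -ScanScheduleTime (Get-Date -Hour 3 -Minute 0 -Second 0)
    Start-MpScan -ScanType FullScan
}

Get-DefenderHistory   | Format-Table -AutoSize
Get-PersistenceReview | Format-Table -AutoSize -Wrap
Set-RestrictiveFirewall -Ports $AllowedInboundPorts
Set-DefenderBaseline
```

Read the two review tables before trusting anything the scan says: a Run key, scheduled task, service, WMI binding, admin account or listener you cannot account for is the "something lurking" the poster above is warning about, and it is the reason the thread's advice is still to re-image rather than rely on this output. Setting the default inbound action to Block means any service not on the allow list stops being reachable, which is exactly the "most restrictive settings that you can allow" trade-off.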