computer keeps rebooting and NOD32 is not picking up any viruses...
hey all,
on my exchange server, i don't know if i'm infected with anything, but it keeps going down (mostly late at night) but has gone down a few times real early in the morning and maybe once or twice before noon time. i noticed a service that kept starting around the time it went down which was the ati hotkey poller, so i disabled that, now another server keeps starting, server administrator, which i disabled, deleted most of the reg keys (that would be started) and it's still starting! i don't know if that service has anything to do with it rebooting, as it's logged (shows up) before the error of "the previous system shutdown was unexpected" but the server administrator event time is logged after that system shutdown error
anyway, i've done sooo many scans with nod32, ad-aware, microsoft antispyware, spybot, and come up clean. so what i think that's telling me is that a virus already snuck in and is hiding itself maybe somewhere in the registry. i've used hijack this and used an online analyzer, but really don't come up with anything unusual. my exchange is 2000 server and windows 2000 server also. if anyone has any ideas how to fix this or needs more info, please let me know. thanks!
jime0726
Junior Poster in Training
92 posts since Feb 2004
Reputation Points: 11
Solved Threads: 0
one thing i want to mention is we're also using GFI Mailsecurity for emails and have 2 av scanning engines enabled, the bitdefender and norman. could nod32 be conflicting with either of these? i could test it by disabling those but i'm only using a trial of nod32 and need email scanning. when i had symantec's corporate edition on that server, it ran fine with those 2 scanning engines.....any ideas? thanks!
jime0726
i correct my subject....i did another scan and nod32 did pick up the bagle.bl virus and it didn't give the option to delete, only leave alone. so i located the emails in the quarantine folder and deleted the infected emails. i'm assuming something is still infected because my server just went down an hr ago during the scan.
jime0726
how true your statement is! :) yea, i'll check out some of those new tools and see what i come up with....as for the trial and error, i would normally use that method, however, i really don't want to disable any sort of virus protection on that server because soo many emails are getting quarantined from threats of viruses and if i disable anything, my fear is having it reach a user and infect more than just our mail server....i'll play around with some things to see where that takes me....thanks for the help!
jime0726