I would concur with this for a DC, I wouldn't hesitate to flatten it. I wouldn't even clean it. As soon as I knew it was infected it would be getting fdisked unless it was the one and only DC and then I would slap the crap out of myself for only having one DC and Dcpromo another and then flatten the DC.
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Monday, April 04, 2005 10:29 AM To: [email protected] Subject: Re: [ActiveDir] Virus issue on Domain Controller On Apr 1, 2005 3:04 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > So, given what you are seeing, I am thinking that you are seeing the > effects of the Virus. If I were you (of course I'm not you, silly J), > my approach would be to flatten the infected DCs and rebuild them, > especially since you indicated that not all your DCs were infected. > Depending on what the Virus actually did, that, too, may not be a good > cure since it's possible that the infection had replicated to the > "clean" DCs. But, rather than trying to chase your tails, a reinstall is my best recommendation. That is always my recommendation for any server that is infected with a virus or has been hit by a trojan/rootkit etc. You might think that you have cleaned the server and gotten everything that it did reverted back to normal, but you really will never be able to say for certain that you got everything. For the sake of the time it would take you to rebuild the server you can save yourself a lot of headaches down the line. Phil List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
