I not "comfortable" with any product - MS, Symantec, or otherwise. I don't
trust any of them and always try to get a second opinion when dealing with
critical things - hence my problems.
I am still testing the situation on these servers because I am not positive
there has been an infection. I am punishing my self but I do not want to
take a chance that can be avoided. But I also do not want to disrupt
operations of the site and to get a hold of users to reset passwords if I
can avoid it.
I have duplicated the problem on another box that is totally hose-able
without a second thought - so it has been rebooted and unplugged from the
network. It is hosting a copy of the websites the other one had. I am
going to leave it running and isolated to see if the tool from Symantec will
generate a positive again. If so then I will feel confident that these are
false.
The main server has had an in place upgrade of Advanced Server which
solved a couple of other issues that server was having; as stated in my
first post, I already had a trouble ticket open with PSS regarding problems
assigning permissions. Re-service packed and re-hot fixed. Will monitor it
and decide what to do based on the test server results.
I will play around with that clean MS up tool on the test server if it
proves infected. Might be fun. If the Big one is infected a format and
reinstall will be my only option. Can't chance that one.
Thought this problem was fairly interesting and appreciate the help but I
will shut up if you guys want.
