Exchange 5.5 issue caused by virus ????

[jcck2003]

Hi All:

I believe all of you heard of recent stream of new virus and worms, we have been hit by many of them on our Exchange 5.5 box and VPN server host with NT server. (sp6a)

this morning some user reported to me the email was down, I looked at it, nothing occur to me first something was wrong, however, when I tried to get to the service manager in control panel, the system just sits there, and nothing else except the internet explorer would run, have anybody seem this issue ?

JDK

 

[blackrabbit]

Look at your Task Manager if you ca. Is DSAMAIN.EXE taking up about 99% of the cpu? This is happening on ours. I ran a check today becuase our anti-virus pattern file was outdated and when I updated it I found WORM_SOBIG.F all over my exchange server. DSAMAIN.EXE has been doing this since monday of last week right around the time this virus popped up.

 

[jcck2003]

I did see DSAMAIN.EXE running on the system, is that EXE part of the virus ???, but I don't remember it was 100% of the CPU though, our virus definition file is very up to date and I did a full scan (except the Exchange folders) and found nothing

any comments
thanks
JDK

 

[blackrabbit]

Its part of the echange directory service. ours has been gonig crazy. make sure you get a very new pattern file. We use trend micro products and they didn't have a patern file that found it until two days ago.

 

[jcck2003]

ours has the newest one out there, but I think it also got hit by bunch other things which tried to install FTP service in the mail server box

 

[blackrabbit]

I wound up doing the eseutil on our database, it did find some errors but i won't know if it worked until the morning when i check the server.

 

[usa5558]

any suggestions what kind of maintenance I should be performing on the exchange server? We are small business with 5 email accounts. However, exchange server is now taking up 5 gigabites of storage and I am down to 560 kb of storage on my c drive. Thanks, Rich

 

[mjtk]

I ran into some similar problems with the storage on c drive after sobig virus. Check to see if you NAV for exchange is set to "quarantine." The cause of my sudden disk space increase. If so change it to "delete attachments and send remainder to recipents" and delete your quarantine and backup files for NAV. They are located in c:\program files\navmse\backup and quarantine. Hope this help your storage problem a little. By the way, I have a 5.5 box.

 

[jcck2003]

that is pretty big for 5 users,

if you using both NAV for Exchange and NAV corp edition
also check your profile directory see if its filled with logs. I had cases where a corrupted virus definition, NAV making those .log files like crazy, eventually people find out when they can't print

1. check all your directories see what is actually taking up the space

2. check file by sizes, kill the big files first (do a search on any file more than 10-15 MB, if you delete all your finding, that is usually 80% your disk space back)

3. check the NT profiles folder, under All Users, Application data, Symantec ...etc

what about my oginial question, any more input ???

JDK