downadup.gen attack after effects - service not starting due to rpc...

  • Question

  •  Can anyone please help out on the best way to bring my AD, DNS and other critical Exchange services up again after I have had a downadup.gen worm attack? I have isolated the AD Server, which also serves as the Mail server, but I keep getting logon failure audits with event ID 680, 539, etc. in the Security log. The DNS errors are 4013, 4000; essentially it tells me it's unable to register with AD. On the System log side, the most common errors are... SPNEGO, LsaSrv:40960 and 10005, etc.
    Note that most of the services which depend on the RPC Service could not start, and there are many of these services. I have downloaded and run the MS Security Patch for the above worm and scanned the system with my Antivirus software, which detected and killed the worm.

    Can someone please help with smart ideas!!!

    • Moved by Hengzhe Li Tuesday, June 21, 2011 12:21 PM Forum Consolidate (From:Microsoft Security Development Lifecycle (SDL) - Threat Modeling)
    Saturday, February 7, 2009 10:55 AM