Issue with Exchange Server 2016 after Win32/IISExchgSpawnCMD.A


DennisW-1

Hello all,


First, thanks in advance for reading my post, and I welcome any and all responses.

Tolerance would be appreciated as this is very new to me but I am the only one available to try to get this problem corrected.

On to the issue: our on-premises Exchange 2016 server was compromised and showed infection with several viruses. The most difficult to deal with was Win32/IISExchgSpawnCMD.A.


I am confident that all traces of the viruses have been removed, but am still unable to get mail flowing to/from our server at this time.

MS connectivity tool tells me that port 25 is blocked.


I suspect there is a DNS issue - in looking through the log files in /TransportRoles/Frontend/Connectivity I can see a clear demarcation between before and after. Before, the server FQDN was giving a local address (10.0.0.x), and after, it gives the public address (216.131.x.x).


The hosts file has an entry for our local server, the NIC has the local server address as well (it is our internal DNS server).

I am at a loss as to where to go to correct this problem.


Can anyone offer tips on what/where to fix this problem?


Dennis
