Do these files look like virus remnants?

Miles Hayler asked:

We’ve been having Backup Exec issues related to a corrupt file within SYSVOL on an SBS 2008 server. An anti-virus scan removed a file (the same one BE was failing on) from within the scripts folder as a trojan.

The following files are still in the scripts folder, and I’ve not seen anything similar in the same location on any of our other SBS 2008 servers so I’m tempted to just delete them as being related to the trojan.

enter image description here

Would you recommend removing them or leaving them? I can post their contents if that would help.

My answer:


It appears some bits have been flipped in those files’ names. Whether this was because of the trojan or not, it’s difficult to say. But given the names of the files, it’s very unlikely that they have any particular importance, or if they do, they are easily replaced.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.