Our SBS 2011 server was infected by a couple of ZeroAccess rootkits yesterday.
I've run several removal programs (Sophos, Kaspersky, RogueKiller, Malwarebytes), and they appear to be gone.
A number of services weren't working (BFE, MPSSVC), and I found a reference to a program called RepairServices.exe; I downloaded and ran it, and found out later it was for WIN7, not SBS 2011.
Now a number of services appear to be set up incorrectly in the registry, based on my observations and the .reg files that were updated by RepairServices.
The affected services are:
BFE, BITS, IPHLPSVC, MPSSVC, SHAREDACCESS, WINDEFEND, WSCSVC and WUAUSERV.
Can anyone suggest the best way to resolve this problem?
I have a full backup on an external HD that completed about 3 hours before the rootkit incident, but I'm not sure of the best way to resolve the services problem (or if the backup is good).
I'd rather not lose the users' information from yesterday if possible.
SBS is up and running right now (sort of crippled).
TIA,
Mike