Issue with Exchange Server 2016 after Win32/IISExchgSpawnCMD.A

Dennis Wade 1 Reputation point
2021-03-19T18:02:16.233+00:00

Hello all,

First, thanks in advance for reading my post, and I welcome any and all responses. Tolerance would be appreciated, as this is very new to me, but I am the only one available to try to get this problem corrected.

On to the issue: our on-premises Exchange 2016 server was compromised and showed infection with several viruses. The most difficult to deal with was Win32/IISExchgSpawnCMD.A. I am confident that all traces of the viruses have been removed, but am still unable to get mail flowing to/from our server at this time. MS connectivity tool tells me that port 25 is blocked.

I suspect there is a DNS issue - in looking through the log files /TransportRoles/Frontend/Connectivity I can see a clear demarcation between before and after. Before, the server FQDN was giving a local address (10.0.0.x), and after, it gives the public address (216.131.x.x). The hosts file has an entry for our local server, the NIC has the local server address as well (it is our internal DNS server).

I am at a loss as to where to go to correct this problem. Can anyone offer tips on what/where to fix this problem?

Dennis
