I'm troubleshooting a friend's Windows 2k3 file server (that I had set up for them a few weeks ago). It got infected by a tenga.gen virus and he's trying to clean it now but doesn't have a server anti-virus on hand.
However, in the long run, would it be recommended to try to clean the server and get all traces of the virus off or just do a wipe and reinstall?
Normally, I would recommend the wipe and reinstall with a new virus scan from the start and slowly migrate verified cleaned files back onto it, but I moved out of the area and can't help in person.
Once code has been allowed to run with administrative privileges, the machine can no longer be trusted.
File listings, registry keys, network access - can all be compromised; and you wouldn't be able to tell from the machine itself.
You can hope that the virus isn't a bad one, and didn't do the very nasty things. But the only way to be sure is to reinstall.
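The question mentions slowly migrating verified cleaned files back, and the answer above makes the point that the infected host's own view of its files cannot be trusted. The following is an added example, not code from the thread: it runs on a clean workstation against files copied off the suspect server and compares them to a hash manifest produced before the infection (or from install media). The manifest format (sha256sum style, `hexdigest  relative/path`), the helper names and the sample files are all constructed for the demonstration.

```python
"""Verify files taken off a suspect host against a known-good hash manifest.

Added illustration for the thread above: the check runs on a clean machine,
not on the infected server, and trusts only a manifest captured before the
compromise. Manifest format and sample tree are constructed for the demo.
"""
import hashlib
import os
import tempfile


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large server files don't load whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse 'hexdigest  relative/path' lines into {path: digest}.

    Blank lines and '#' comments are ignored; backslashes are normalised so a
    manifest written on Windows matches paths walked on any platform.
    """
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        manifest[rel.replace("\\", "/")] = digest.lower()
    return manifest


def verify_tree(root, manifest):
    """Classify every file under root as ok / modified / unlisted / missing.

    Only files in 'ok' are candidates for migration back; 'modified' and
    'unlisted' files are exactly what the compromised host would not reveal.
    """
    result = {"ok": [], "modified": [], "unlisted": [], "missing": []}
    seen = set()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            expected = manifest.get(rel)
            if expected is None:
                result["unlisted"].append(rel)
            elif sha256_of(full) == expected:
                result["ok"].append(rel)
            else:
                result["modified"].append(rel)
    result["missing"] = list(set(manifest) - seen)
    for key in result:
        result[key].sort()
    return result


def build_demo():
    """Create a constructed sample tree: one intact file, one altered, one new,
    and one manifest entry whose file is absent from the copy."""
    root = tempfile.mkdtemp(prefix="verify_demo_")
    files = {
        "docs/report.txt": b"quarterly numbers\n",
        "docs/notes.txt": b"original notes\n",
    }
    manifest_lines = ["# constructed pre-infection manifest"]
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        manifest_lines.append(f"{hashlib.sha256(data).hexdigest()}  {rel}")
    manifest_lines.append(f"{hashlib.sha256(b'gone').hexdigest()}  docs/removed.txt")
    # Simulate what a copy taken after the compromise might look like:
    # one listed file altered and one file that was never in the manifest.
    with open(os.path.join(root, "docs", "notes.txt"), "ab") as f:
        f.write(b"appended later\n")
    with open(os.path.join(root, "docs", "unknown.exe"), "wb") as f:
        f.write(b"MZ-constructed-sample")
    return root, "\n".join(manifest_lines)


def run_demo():
    """Build the sample tree and return the verification report."""
    root, manifest_text = build_demo()
    return verify_tree(root, parse_manifest(manifest_text))


if __name__ == "__main__":
    for category, paths in run_demo().items():
        print(f"{category:9s} {paths}")
```

The report's `ok` list is the only set a cautious admin would copy onto the rebuilt server; `modified` and `unlisted` entries are the ones worth a closer look, and `missing` shows what the manifest expected but the copy no longer has.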
Given this analysis from Sophos, wipe and reinstall. It enables a remote command and control session, meaning anything else could be on there as well. So it's not just Win32/Tenga that you're worried about, but whatever else has been deployed subsequent to the infection.