Reclaiming a compromised system

Last Updated: Apr 28, 2014

About this task

Unfortunately, there is no way to find with assurance all of the modified files and backdoors that might have been left without a complete re-install. Trying to patch up a compromised system risks a false sense of security and might actually aggravate an already bad situation.

Use this procedure to reclaim a compromised system.

Procedure

  1. Turn off the server and disconnect it from the network.
  2. Back up Communication Manager translations, but do not include any system files or system configuration files in the backup.

    For more information, see Secure backup procedures. Translations are safe to back up because they contain internal consistency checking mechanisms.

  3. Reformat the drive before re-installing software to ensure that no compromised remnants are hiding. Replacing the hard drive is a good idea, especially if you want to keep the compromised data for further analysis.
  4. Re-install Communication Manager (30+ minutes).
  5. Reconfigure the server using the Web configuration wizard or the Avaya Installation Wizard (AIW).

    This takes 30+ minutes.

  6. Apply all software updates as appropriate.
  7. Restore the Communication Manager translations (see Viewing and restoring backup data files).
  8. Re-examine your system for unnecessary services (for example, list every running process by PID and command name with cat /proc/*/stat | awk '{print $1, $2}').
  9. Re-examine your firewall and access policies.
  10. Create and use new passwords.
  11. Re-connect the system to the network.
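The check in step 8, written out as a small POSIX shell script, is added here as an example; it is not part of the Avaya procedure or Avaya's own tooling. It assumes a standard Linux /proc layout (the Communication Manager server platform at the time was Linux based) and the function names proc_names, listen_ports and audit_live are this example's own. Beyond the one-line awk in step 8, it handles command names that contain spaces or parentheses, and it also decodes /proc/net/tcp so that services listening on the network, which is what "unnecessary services" usually means in practice, are listed by port before the server is reconnected in step 11.

```shell
#!/bin/sh
# Added example (not Avaya code): inventory processes and listening TCP ports
# from /proc so that unexpected services can be reviewed before reconnecting.

# Print "pid comm" for each /proc/<pid>/stat line read from stdin.
# The comm field is wrapped in parentheses and may itself contain spaces or
# parentheses, so it is cut between the first "(" and the last ")" rather
# than taken as the second whitespace-separated field (which "awk '{print $2}'"
# would get wrong for a name such as "my (odd) name").
proc_names() {
    while IFS= read -r line; do
        pid=${line%% *}          # everything before the first space
        rest=${line#*(}          # drop up to and including the first "("
        comm=${rest%)*}          # drop from the last ")" to end of line
        printf '%s %s\n' "$pid" "$comm"
    done
}

# Read /proc/net/tcp (and/or /proc/net/tcp6) rows from stdin and print the
# local port, in decimal, of every socket in LISTEN state (st column == 0A).
# The hex conversion is done by hand so the script works with any POSIX awk,
# not only gawk (which has strtonum).
listen_ports() {
    awk '
        function hex(s,    i, v) {
            v = 0
            for (i = 1; i <= length(s); i++)
                v = v * 16 + index("0123456789ABCDEF", toupper(substr(s, i, 1))) - 1
            return v
        }
        # skip header rows; field 2 is local_address as hexip:hexport, field 4 is st
        $4 == "0A" { split($2, a, ":"); print hex(a[2]) }'
}

# Run both checks against the live system. Review each process and port
# against what the reinstalled server is expected to run; anything else is
# a candidate for removal or a firewall rule (step 9).
audit_live() {
    echo "== running processes (pid comm) =="
    cat /proc/[0-9]*/stat 2>/dev/null | proc_names | sort -n
    echo "== listening TCP ports =="
    cat /proc/net/tcp /proc/net/tcp6 2>/dev/null | listen_ports | sort -nu
}

# Only touch the live /proc when explicitly asked, so the functions above
# can also be exercised on constructed input.
if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Run it as sh audit.sh --live on the rebuilt server and keep the output with the rebuild records; a second run after step 11 gives a baseline to compare against later.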