Wins, DNS, and DHCP problems!

Posted on 2004-11-23
Last Modified: 2010-03-18
My W2k DC server crashed this pass weekend while doing a virus scan.  After booting, the System Task-Service Controller and WINS services would not start.  The System Task-Service Controller service was new to me; System Task-Service Controller service executable path is c:\winnt\system32\services.exe.

After disabling System Task-Service Controller service, I noticed that it was now the path changed to c:\winnt\system32\service.exe.  Indicate that is maybe a trojan virus.  I download the most recent verision of Symantec Corporate Editon virus definitations, installed them, reboot and performed a clean scan on my server.

I updated the registry and changed the System Task-Service Controller back to c:\winnt\system32\services.exe.  Now WINS is not working.  DNS and DHCP services are started to have errors.  Has anyone expirenced these types of problems?

Question by:rileyadm
    LVL 15

    Expert Comment

    Check this out:

    this will verify the integrity of your windows 2000 system files, and everything that goes with it..
    LVL 51

    Assisted Solution

    The correct executable is "services.exe" - I suspect the "service.exe" is the trojan.
    LVL 18

    Expert Comment

    Read here:

    Can be more than one trojan with the name service.exe

    Author Comment

    Yan, I tried to verify system files  recommend in the tech note and ran into version conflicts on system files and could not reboot even in safe mode.  Anyway, I had to reinstall the OS and restore the AD configuration from the System State backup.   Now, I am back online with networking services.

    The service.exe or the System Task-Service Controller no longer appears in the Services control panel.  However, there is another service that is new to me Svhost service with an executable path as c:\winnt\system32\svchost2.exe.  Any ideas on how to resolve this issue?  It appears to be some kind of virus.

    LVL 18

    Accepted Solution

    Yes, it's a virus.

    Why don't you install latest security patches from Microsoft? The rpc vulnerability is well known and repaired. If you have AGOBOT chanses are that it has already infected more than one computer.

    Author Comment

    Sorry, I thought I closed already.  It was a trojan.  I scanned my box in safe-mode to resolved the problem

    Featured Post

    Courses: Start Training Online With Pros, Today

    Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

    Join & Write a Comment

    Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
    Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now