Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows 2000 Server with strange virus

Posted on 2007-03-21
1
209 Views
Last Modified: 2013-12-05
I have a windows 2000 server that was infected with bat_batten.a virus
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_BATTEN.A

This is the best I can tell what it was.
It would not allow workstations to connect to any share on the server nor
would it connect to any share on any workstation.

I went through the entire list of registry edits and followed all the directions
of deleting and editing. This seemed to fix the majority of the problem, however,
the server still can't connect to its own share.

For example
if you type \\servername in  the run box
and it brings up all the shares
if you double click on one, it will tell you "network path not found".

any input would very much appreciated!!!!

0
Comment
Question by:pathwayscsb
1 Comment
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 18815029
Is the virus gone? did you delete the 1.reg that were dropped in the windows folder?

It won't hurt to try and run SDFix even if you're not infected, the tool restores disabled reg entries.
It repairs the damage caused by Bot variants and restores the HOSTS file to MS Default, removes DisableRegistryTools/TaskManager restrictions and Policy Run Keys if present.

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.


0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question