Solved

Windows 2000 Server with strange virus

Posted on 2007-03-21
1
204 Views
Last Modified: 2013-12-05
I have a windows 2000 server that was infected with bat_batten.a virus
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_BATTEN.A

This is the best I can tell what it was.
It would not allow workstations to connect to any share on the server nor
would it connect to any share on any workstation.

I went through the entire list of registry edits and followed all the directions
of deleting and editing. This seemed to fix the majority of the problem, however,
the server still can't connect to its own share.

For example
if you type \\servername in  the run box
and it brings up all the shares
if you double click on one, it will tell you "network path not found".

any input would very much appreciated!!!!

0
Comment
Question by:pathwayscsb
1 Comment
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
Comment Utility
Is the virus gone? did you delete the 1.reg that were dropped in the windows folder?

It won't hurt to try and run SDFix even if you're not infected, the tool restores disabled reg entries.
It repairs the damage caused by Bot variants and restores the HOSTS file to MS Default, removes DisableRegistryTools/TaskManager restrictions and Policy Run Keys if present.

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.


0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now