Solved

Windows 2000 Server with strange virus

Posted on 2007-03-21
1
207 Views
Last Modified: 2013-12-05
I have a windows 2000 server that was infected with bat_batten.a virus
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_BATTEN.A

This is the best I can tell what it was.
It would not allow workstations to connect to any share on the server nor
would it connect to any share on any workstation.

I went through the entire list of registry edits and followed all the directions
of deleting and editing. This seemed to fix the majority of the problem, however,
the server still can't connect to its own share.

For example
if you type \\servername in  the run box
and it brings up all the shares
if you double click on one, it will tell you "network path not found".

any input would very much appreciated!!!!

0
Comment
Question by:pathwayscsb
1 Comment
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 18815029
Is the virus gone? did you delete the 1.reg that were dropped in the windows folder?

It won't hurt to try and run SDFix even if you're not infected, the tool restores disabled reg entries.
It repairs the damage caused by Bot variants and restores the HOSTS file to MS Default, removes DisableRegistryTools/TaskManager restrictions and Policy Run Keys if present.

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.


0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question