Solved

Windows 2000 Server with strange virus

Posted on 2007-03-21
1
205 Views
Last Modified: 2013-12-05
I have a windows 2000 server that was infected with bat_batten.a virus
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_BATTEN.A

This is the best I can tell what it was.
It would not allow workstations to connect to any share on the server nor
would it connect to any share on any workstation.

I went through the entire list of registry edits and followed all the directions
of deleting and editing. This seemed to fix the majority of the problem, however,
the server still can't connect to its own share.

For example
if you type \\servername in  the run box
and it brings up all the shares
if you double click on one, it will tell you "network path not found".

any input would very much appreciated!!!!

0
Comment
Question by:pathwayscsb
1 Comment
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 18815029
Is the virus gone? did you delete the 1.reg that were dropped in the windows folder?

It won't hurt to try and run SDFix even if you're not infected, the tool restores disabled reg entries.
It repairs the damage caused by Bot variants and restores the HOSTS file to MS Default, removes DisableRegistryTools/TaskManager restrictions and Policy Run Keys if present.

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.


0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now