Solved

Windows 2000 Server with strange virus

Posted on 2007-03-21
1
213 Views
Last Modified: 2013-12-05
I have a windows 2000 server that was infected with bat_batten.a virus
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_BATTEN.A

This is the best I can tell what it was.
It would not allow workstations to connect to any share on the server nor
would it connect to any share on any workstation.

I went through the entire list of registry edits and followed all the directions
of deleting and editing. This seemed to fix the majority of the problem, however,
the server still can't connect to its own share.

For example
if you type \\servername in  the run box
and it brings up all the shares
if you double click on one, it will tell you "network path not found".

any input would very much appreciated!!!!

0
Comment
Question by:pathwayscsb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 18815029
Is the virus gone? did you delete the 1.reg that were dropped in the windows folder?

It won't hurt to try and run SDFix even if you're not infected, the tool restores disabled reg entries.
It repairs the damage caused by Bot variants and restores the HOSTS file to MS Default, removes DisableRegistryTools/TaskManager restrictions and Policy Run Keys if present.

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.


0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question