  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1182

Windows 2003 Server will not logon...returns back to logon screen instead

I have a client with a Windows 2003 Server, Standard Edition, SP1, that was compromised by a hacker...after spending days cleaning it up, saving data, you can no longer log on to the machine.  Since this is a DC, there is no local user, only the domain administrator.  When you press Ctrl+Alt+Del, it lets you type your information, says it's applying security settings, and then after 3 or 4 minutes, puts you back to the logon screen.

I have used Winternals to access the event viewer and found Event ID 1000, 1001, 55 (NTFS is corrupt), and on and on and on.

My feeling is the machine will need to be installed from scratch unless anyone else has seen this and has a fix.  Since all data is saved, there is no problem in reinstalling.

thanks,
Dale
 
Bradley Haynes Commented:
Run the installation disk and do a repair.
0
 
Jay_Jay70 Commented:
Do NOT run a repair! You are talking about a DC here!

You will need to rebuild from the look of that, my friend.
0
 
dgore1 (Author) Commented:
I already tried that but it gives errors trying to write to the drive...I will retry it again in the morning.
0
 
bluetab Commented:
Based on personal experience I would recommend reinstalling from scratch.  Especially since you have a good data backup this will prove to be the least frustrating and better option down the line.  As with any machine that is compromised it's nearly impossible to tell when it's been fully cleaned.  And then when you do clean it you often experience other problems (as you are now).  Since this is the client's server you don't want to take a chance that you have any future problems with it.  Any problems you have down the line will just give you headaches and it's just easier to start with a fresh install.
0
 
dgore1 (Author) Commented:
That's my feeling...With Winternals ERD Commander, there's not much you can't do to get it running...but this one had over 2500 trojans active!!!

My thought is why even take a chance, DOD the drives to make sure no viruses are left....reinstall (it's only a 5 user office and I saved all their critical data)..

But just in case someone has ever run across the logon thing, I was hoping for a quick solution!!
0
 
Jay_Jay70 Commented:
No quick on this. ERD Commander is awesome, but it won't fix fundamental bits that are stuffed like this :) Plus it's been hijacked before, clean it :)
0
 
dgore1 (Author) Commented:
My thoughts as well...have you ever seen the return to logon thingy?...for some dumb reason I just have to know why that is happening!!
0
 
Jay_Jay70 Commented:
I have actually, numerous times, though most common is with XP - it's the same architecture so cops the same things.....

To be honest though, last time I saw it, a reboot or 5 fixed it, or I could log on with a different user.
0
 
dgore1 (Author) Commented:
Sure is weird to watch it...oh well...thanks anyways...
0
 
Jay_Jay70 Commented:
no probs, good luck
0