<div>
You need to boot into safe mode and scan the server with your AV software then. If there is a virus it should be picked up then, make sure its fully up to dare and until you have rectified the probles physically disconnect it from the network, i.e take the network cable out.
</div>


<div>
First, disconnect it from network, as plug said. Then look at all processes in taskmanager and check all suspicious ones at google. Or post tasklist here.
</div>


<div>
Thanks for quick response. Please find below the process details after disconnecting from network;<br />
<br />
<br />
agntsrvc.exe<br />
cmd.exe<br />
CpqRcmc.exe<br />
cpqteam.exe<br />
csrss.exe<br />
dnsmp.exe<br />
dfssvc.exe<br />
explorer.exe<br />
hpsmhd.exe<br />
hpsmhd.exe<br />
inetinfo.exe<br />
lsass.exe<br />
mmc.exe<br />
msdtc.exe<br />
omtsreco.exe<br />
oracle.exe<br />
rotatelogs.exe<br />
rotatelogs.exe<br />
rotatelogs.exe<br />
service.exe<br />
smhstart.exe<br />
smss.exe<br />
snmp.exe<br />
spoolsv.exe<br />
svchost.exe<br />
svchost.exe<br />
svchost.exe<br />
svchost.exe<br />
svchost.exe<br />
svchost.exe<br />
svchost.exe<br />
sysdown.exe<br />
System<br />
System Idle Process<br />
taskmgr.exe<br />
TNSLSNR.EXE<br />
winlogon.exe<br />
wmiprvse.exe <br />
<br />
Please advise any suggestions........Thanks<br />

</div>


<div>
Theres nothing out of the ordianry on that list and if youve scanned the server in safe mode with up to dat elibraries then I dont think its a virus causing your problem. What errors end up in the event log?
</div>


<div>
A different view.<br />
I will go to almost any lengths to repair/disinfect a workstation/notebook - but on servers my advice has always been to back up the critical data/drivers and re-build it.<br />
<br />
Just too critical a function in your network.<br />
IMO
</div>


<div>
^^ Thats a terrible idea on an SBS box or any Doman controller tbh. If it can be fixed then fix it.
</div>


<div>
plug1 - we don't do personal attacks on EE.<br />
Maybe by the time you're around long enough to accumulate some points and answer a few questions, you will figure that out.
</div>


<div>
younghv, I know where you are coming from but i must admit I've always leaned the other way. laptops and workstations generally get rebuilt if they start exibiting problems/ virus type behaviour. Servers on the other hand are a work on till fixed if at all posible. (even if it means imaging the machine, rebuiling it and then working on the image until the problem is fixed.)<br />
Just rebuilding the machine removes the posibility of finding root cause in most situations and if root cause isn't known then there is a chance that the problem will recur and leave you back at square one. &nbsp;The reasoning of this is because if a workstation fault reccurs one user being affected, &nbsp;with a server however the whole company could be.<br />
<br />

</div>


<div>
best tip I can think of is to keep web surfing on servers to a minimum and at the least prevent anyone with admin rights from using the internet from a server OS (ie citrix or terminal servers). <br />
<br />
Where posible prevent servers from accessing the internet completely.<br />

</div>


<div>
<div class="content wysiwyg-content">
I have windows Server 2003 enterprise edition, after infected by virus/trojan, its task manager and registery editor disabled and on network when I search this server gives below error message;<br />
\\server is not accessible. &nbsp;You might not have permission to use this network resource.<br />
Contact the administrator of this server to find out if you have access permissions.<br />
Logon Failure: &nbsp;The user has not been granted the requested logon type at this computer.<br />
<br />
When I enable task manager and registery editor by gpedit.msc, after some time it automatically disabled again. I have scanned server by Norton corporate 10 but could not detect any virus. How do I resolv this issue and prevent other servers from infection.
</div>
</div>


I have windows Server 2003 enterprise edition, after infected by virus/trojan, its task manager and registery editor disabled and on network when I search this server gives below error message;
\\server is not accessible.  You might not have permission to use this network resource.
Contact the administrator of this server to find out if you have access permissions.
Logon Failure:  The user has not been granted the requested logon type at this computer.

When I enable task manager and registery editor by gpedit.msc, after some time it automatically disabled again. I have scanned server by Norton corporate 10 but could not detect any virus. How do I resolv this issue and prevent other servers from infection.

How do I remove virus/trojan from my infected server

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.

Anti-Virus Apps

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.

Microsoft Server OS

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).