Bootwin.exe causing the 2k3 server to stop users accessing network drives. Any ideas???

Posted on 2008-11-06
Last Modified: 2012-05-05
bootwin.exe causing server to stop access to network drive. Unable to access network drive from server also. Any ideas on how to stop this occurring?
Question by:techsupport111

    Expert Comment

    I have the same problem. It appears the file is a virus, or part of one, although none of the scanners at virustotal can detect it. On the server I found it on, it turned off several of the services at once, leaving clients without network access like you described.
    It looks as if it has some code to hide from detection as well.
    The bootwin.exe file can be deleted in safe mode, but I don't know if that's enough to get rid of the entire virus. It might be part of a rootkit.

    Accepted Solution

    Look for a WinUtils folder on the hard drive, most likely C:\WinUtils. If it's there, go into the registry, find all references to that folder and delete the key(s).

    Download and install GiPo File Utilities. Use GiPo (right click on malware folder) to "Delete on next startup".

    Check the registry again, just in case the program loaded code back in there before it was deleted.

    Make sure the folder is gone and has not been recreated.

    Use a registry cleanup utility to remove any lingering pieces.  Norton's works pretty good.  

    Assisted Solution

    techsupport111, you should check the size of bootwin.exe.

    If it's about 9KB and in the system32-folder, it's a virus. As far as I can find, there are no other files in connection to the virus, so
    * Delete it in safe mode
    * Disable the service (The service name is Windows Boot Loader)
    * Install all Microsoft updates
    and you should be OK. I have run for more than two days without any sign of the virus still being active.
    Do a full scan of your system with your antivirus application as well just to be sure there are no known threats on the server.

    If it's about 94KB, it's the bootwin.exe from the shareware collection of utilities from Aylott Computing called WinUtils that knoxzoo talks about. According to Aylott's website, it "reboots the PC with an optional delay". But I think that utility would only reboot your system, and not do any harm to your network services.
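
The checks from the two answers above (file size and location, the "Windows Boot Loader" service, the WinUtils folder) as a read-only triage script for Windows PowerShell 2.0 or later. This is an added example, not part of the original thread; the size bands, the limitation of the registry check to the Run keys, and the function name Get-BootwinVerdict are assumptions.

```powershell
# Read-only triage for the checks described in the two answers above.
# Assumed (not from the thread): the size bands standing in for "about 9KB" and
# "about 94KB", and matching the service on either its name or display name.

function Get-BootwinVerdict {
    param([long]$Length, [string]$Directory)
    $sys32   = Join-Path $env:SystemRoot 'system32'
    $inSys32 = $Directory.TrimEnd('\') -ieq $sys32
    if ($Length -ge 8KB -and $Length -le 10KB -and $inSys32) {
        return 'SUSPECT: ~9KB in system32 (matches the malicious copy described)'
    }
    if ($Length -ge 90KB -and $Length -le 98KB) {
        return 'LIKELY WinUtils: ~94KB (Aylott Computing reboot utility)'
    }
    return 'UNKNOWN: size/location fits neither description, inspect manually'
}

# 1. Every bootwin.exe on the system drive, with size and verdict.
$root = $env:SystemDrive + '\'
Get-ChildItem -Path $root -Filter 'bootwin.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        New-Object PSObject -Property @{
            Path    = $_.FullName
            Bytes   = $_.Length
            Verdict = Get-BootwinVerdict -Length $_.Length -Directory $_.DirectoryName
        }
    } | Format-List Path, Bytes, Verdict

# 2. Services that point at bootwin.exe or carry the name given in the thread.
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -match 'bootwin\.exe' -or
                   $_.DisplayName -eq 'Windows Boot Loader' -or
                   $_.Name -eq 'Windows Boot Loader' } |
    Format-List Name, DisplayName, State, StartMode, PathName

# 3. WinUtils folder from the accepted answer, plus Run-key entries referencing it.
$winUtils = Join-Path $root 'WinUtils'
"WinUtils folder present: $(Test-Path $winUtils)"
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Value -match 'WinUtils|bootwin' } |
            ForEach-Object { "{0} -> {1} = {2}" -f $key, $_.Name, $_.Value }
    }
}
```

Run it from an elevated prompt so the recursive search and service query are not cut short by access-denied errors; it only reports and deletes nothing.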
