Bootwin.exe causing the 2k3 server to stop users accessing network drives. Any ideas???

bootwin.exe causing server to stop access to Network drive, Unable to access network drive from server also. Any ideas on how to stop this occurring?
techsupport111 asked:

punar commented:
I have the same problem. It appears the file is a virus, or part of one, although none of the scanners at VirusTotal can detect it. On the server I found it on, it turned off several of the services at once, leaving clients without network access like you described.
It looks as if it has some code to hide from detection as well.
The bootwin.exe file can be deleted in safe mode, but I don't know if that's enough to get rid of the entire virus. It might be part of a rootkit.
0
knoxzoo commented:
Look for a WinUtils folder on the hard drive, most likely C:\WinUtils. If it's there, go into the registry, find all references to that folder and delete the key(s).

Download and install GiPo File Utilities (http://www.gibinsoft.net/gipoutils/fileutil/index.htm). Use GiPo (right-click on the malware folder) to "Delete on next startup".

Check the registry again, just in case the program loaded code back in there before it was deleted.

Make sure the folder is gone and has not been recreated.

Use a registry cleanup utility to remove any lingering pieces. Norton's works pretty well.
0

punar commented:
techsupport111, you should check the size of bootwin.exe.

If it's about 9KB and in the system32 folder, it's a virus. As far as I can find, there are no other files in connection with the virus, so
* Delete it in safe mode
* Disable the service (The service name is Windows Boot Loader)
* Install all Microsoft updates
and you should be OK. I have run for more than two days without any sign of the virus still being active.
Do a full scan of your system with your antivirus application as well just to be sure there are no known threats on the server.

If it's about 94KB, it's the bootwin.exe from the shareware collection of utilities from Aylott Computing called WinUtils that knoxzoo talks about. According to Aylott's website, it "reboots the PC with an optional delay". But I think that utility would only reboot your system, and not do any harm to your network services.
0
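The two answers above boil down to a handful of indicators: the size and location of bootwin.exe, a service called "Windows Boot Loader", and registry references to a C:\WinUtils folder. The script below is an added, read-only triage example written for this page; it is not code from the thread, from Experts Exchange, or from Aylott Computing. It assumes the path %SystemRoot%\system32\bootwin.exe, the service name "Windows Boot Loader", the folder C:\WinUtils and the rough sizes (~9KB suspicious, ~94KB WinUtils) exactly as the posters give them, and it needs PowerShell 2.0 or later. It reports what it finds and deletes nothing, so the admin decides what to remove in safe mode.

```powershell
# Added triage example, not code from this thread or from any vendor. It reports the indicators
# the answers above describe and deletes nothing. Assumed from the thread: the path
# %SystemRoot%\system32\bootwin.exe, the service name "Windows Boot Loader", the folder
# C:\WinUtils, and the rough sizes (~9KB suspicious, ~94KB Aylott WinUtils). Needs PowerShell 2.0+.

$CandidatePath = Join-Path $env:SystemRoot 'system32\bootwin.exe'
$ServiceLabel  = 'Windows Boot Loader'
$UtilsFolder   = 'C:\WinUtils'
$Patterns      = @('bootwin', 'winutils')   # strings to hunt for in autostart registry data

function Get-Sha256Hex([string]$Path) {
    # .NET hashing: Get-FileHash does not exist on the PowerShell versions Server 2003 can run
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    return (($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join '')
}

function Test-BootwinFile {
    if (-not (Test-Path $CandidatePath)) { return "No $CandidatePath present" }
    $file = Get-Item $CandidatePath
    $kb   = [math]::Round($file.Length / 1KB, 1)
    # Size bands are the posters' rough figures, widened a little; a hint for triage, not proof
    if     ($file.Length -lt 20KB)                              { $band = 'matches the ~9KB size reported for the malicious copy' }
    elseif ($file.Length -gt 80KB -and $file.Length -lt 110KB) { $band = 'matches the ~94KB Aylott WinUtils reboot tool' }
    else                                                        { $band = 'unexpected size; treat as unknown' }
    return "{0}: {1} KB ({2}); modified {3}; SHA256 {4} (compare the hash on VirusTotal)" -f `
        $CandidatePath, $kb, $band, $file.LastWriteTime, (Get-Sha256Hex $CandidatePath)
}

function Get-SuspectService {
    # WMI rather than Get-Service so StartMode and the binary path are visible on Server 2003
    Get-WmiObject Win32_Service | Where-Object {
        $_.DisplayName -eq $ServiceLabel -or $_.Name -eq $ServiceLabel -or $_.PathName -match 'bootwin'
    } | Select-Object Name, DisplayName, State, StartMode, PathName
}

function Find-AutostartReferences {
    # Classic Run/RunOnce keys plus every service key's own values (ImagePath and friends)
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $keys += Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
             ForEach-Object { $_.PSPath }
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -eq $null) { continue }
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }      # skip PSPath, PSParentPath, ... metadata
            $data = [string]$prop.Value
            foreach ($pat in $Patterns) {
                if ($data -match $pat -or $prop.Name -match $pat) {
                    New-Object PSObject -Property @{ Key = $key; ValueName = $prop.Name; Data = $data }
                    break
                }
            }
        }
    }
}

function Test-UtilsFolder {
    if (Test-Path $UtilsFolder) {
        $names = Get-ChildItem $UtilsFolder -Force | ForEach-Object { $_.Name }
        return "$UtilsFolder exists: " + ($names -join ', ')
    }
    return "$UtilsFolder not present"
}

Write-Output '== bootwin.exe =='
Write-Output (Test-BootwinFile)
Write-Output '== service =='
Write-Output (Get-SuspectService | Format-Table -AutoSize | Out-String)
Write-Output '== autostart registry references =='
Write-Output (Find-AutostartReferences | Format-Table -AutoSize | Out-String)
Write-Output '== folder =='
Write-Output (Test-UtilsFolder)
```

Run it from an administrative PowerShell prompt on the affected server (it works in safe mode as well). The SHA256 lets you compare the file across servers and against a scanner result without moving the binary around, and the registry scan covers the service keys because punar's second answer ties the file to a named service, which is where its ImagePath would live.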