Bootwin.exe causing the 2k3 server to stop users accessing network drives. Any ideas???

bootwin.exe causing server to stop access to network drive. Unable to access network drive from server also. Any ideas on how to stop this occurring?
knoxzoo commented:
Look for a WinUtils folder on the hard drive, most likely C:\WinUtils. If it's there, go into the registry, find all references to that folder and delete the key(s).

Download and install GiPo File Utilities. Use GiPo (right click on malware folder) to "Delete on next startup".

Check the registry again, just in case the program loaded code back in there before it was deleted.

Make sure the folder is gone and has not been recreated.

Use a registry cleanup utility to remove any lingering pieces.  Norton's works pretty good.

I have the same problem. It appears the file is a virus, or part of one, although none of the scanners at virustotal can detect it. On the server I found it on, it turned off several of the services at once, leaving clients without network access like you described.
It looks as if it has some code to hide from detection as well.
The bootwin.exe file can be deleted in safe mode, but I don't know if that's enough to get rid of the entire virus. It might be part of a rootkit.
punar commented:
techsupport111, you should check the size of bootwin.exe.

If it's about 9KB and in the system32-folder, it's a virus. As far as I can find, there are no other files in connection to the virus, so
* Delete it in safe mode
* Disable the service (The service name is Windows Boot Loader)
* Install all Microsoft updates
and you should be OK. I have run for more than two days without any sign of the virus still being active.
Do a full scan of your system with your antivirus application as well just to be sure there are no known threats on the server.

If it's about 94KB, it's the bootwin.exe from the shareware collection of utilities from Aylott Computing called WinUtils that knoxzoo talks about. According to Aylott's website, it "reboots the PC with an optional delay". But I think that utility would only reboot your system, and not do any harm to your network services.
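
A read-only triage check built from the size and location heuristics in the answer above, as an added example that is not part of the original thread. It assumes PowerShell 2.0 is installed on the server; the size bands around "about 9KB" and "about 94KB" and the function name `Get-BootwinVerdict` are illustrative assumptions.

```powershell
# Added triage sketch: read-only, changes nothing on the host.
# Size bands are assumptions built around the "about 9KB" and "about 94KB"
# figures quoted in the thread; widen them if your copy differs slightly.
$sys32 = Join-Path $env:SystemRoot 'System32'

function Get-BootwinVerdict {
    param([string]$Path)

    # -Force so hidden or system-flagged files are still returned
    $file    = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $kb      = [math]::Round($file.Length / 1KB, 1)
    $inSys32 = $file.DirectoryName -ieq $sys32

    if ($inSys32 -and $kb -ge 7 -and $kb -le 11) {
        $verdict = 'Matches the ~9KB system32 copy described as the virus'
    } elseif ($kb -ge 90 -and $kb -le 98) {
        $verdict = 'Matches the ~94KB WinUtils reboot utility'
    } else {
        $verdict = 'Matches neither description; investigate further'
    }

    New-Object PSObject -Property @{
        Path    = $file.FullName
        SizeKB  = $kb
        Verdict = $verdict
    }
}

# The two locations mentioned in the thread
$candidates = @((Join-Path $sys32 'bootwin.exe'), 'C:\WinUtils\bootwin.exe')
foreach ($p in $candidates) {
    if (Test-Path -LiteralPath $p) {
        Get-BootwinVerdict -Path $p | Format-List Path, SizeKB, Verdict
    }
}

# Any service called "Windows Boot Loader" or launching bootwin.exe.
# The thread gives only that one name, so both Name and DisplayName are checked.
Get-WmiObject Win32_Service |
    Where-Object {
        $_.Name -eq 'Windows Boot Loader' -or
        $_.DisplayName -eq 'Windows Boot Loader' -or
        $_.PathName -like '*bootwin.exe*'
    } |
    Format-List Name, DisplayName, State, StartMode, PathName
```

If the file hides itself from the running system, as one poster suspects, this check will report nothing, so an empty result is not proof of a clean server.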
Question has a verified solution.
