Hello All -
Here is the situation:
Windows 2003 SBS SP2 (R1) Exchange (as is standard, SQL, SharePoint etc.). This server got nailed by a virus, one of the worst I have ever seen; none of the normal tools to remove the virus would run. (Such as Malware Antibytes, Hijack this, Avast etc.; nothing would run.)
I figured that out by using an open file monitor to see what DLL was being launched by winlogon.exe, then went into Safe mode >> Recovery Console > and deleted the file.
Then I was able to access the needed tools and run them. However (before I ran any tools), when I booted into normal mode all of the system services were set to disabled. Even the Event Viewer was disabled. RPC was started, except all services errored out with "Win32: Rpc Server is unavailable" and numerous other DC/AD/GC errors.
I ran Malware Antibytes on the server and Vundo fix - Malware found 10+ registry keys that were infected, and 180 other files that were infected! This server is definitely hosed!
I have tried several solutions to recover the server, but at this point I am certain the only way to fix this is to do an AD restore - only one DC.
My question is this:
If I do an AD restore based on this document: http://seer.entsupport.symantec.com/docs/243037.htm
Can I restore just the system state - and not anything else? (I do not want to rebuild this box!) If I do a system state restore and nothing else, will Exchange still work? Will SharePoint still work? Will SQL still work?
Also, do I then need to, after the restore is completed, go back into DSRM and set the following:
# On the restored domain controller, restore AD by using the following commands:
1. Open a command prompt
3. Authoritative restore
4. Restore Database
5. OK at the warning
6. Click Yes
I don't think I need to do both, but I am not sure?
I really appreciate your help....