
Combofix and Active directories

4 replies to this topic

#1 Maurizio Martinelli


  • Members
  • 2 posts
  • Local time:06:34 PM

Posted 15 January 2009 - 02:18 PM

I had a virus on a Windows 2000 server, a domain controller. I used ComboFix to remove it.
Now I can't access the active directories. It removed both the DNS and WINS exe. I reinstalled them and now they're working OK, but the domain is screwed up.
Is there anyone who can help me out?



#2 Monty007


  • Members
  • 1,151 posts
  • Gender:Male
  • Location:Australia
  • Local time:03:04 AM

Posted 16 January 2009 - 03:37 PM

Hi, when you say the "domain is screwed up", can you give more details? Is the server a DC? Is there a backup? What is wrong with the server... connection issues, etc.?

#3 securityguard123


  • Members
  • 3 posts
  • Local time:12:34 PM

Posted 17 January 2009 - 01:16 AM

Prepare your backup of your system (system state, all configuration and files).

Answer the above question so we have a better overview of what you're dealing with. Don't panic!

#4 Maurizio Martinelli

  • Topic Starter

  • Members
  • 2 posts
  • Local time:06:34 PM

Posted 18 January 2009 - 04:01 PM

Yes, it is a domain controller, the only one.
When I try to access the user administration I get a message saying that there is no authority, and in the domain masters I have just ERRO as the name of the domain master.

#5 TheWiz


  • Members
  • 1 posts
  • Local time:09:34 AM

Posted 21 January 2009 - 03:31 PM

Do you have a tape backup of your server, including System State?

I had a similar problem after running combofix on a Windows 2000 Server configured as a DC. I could log onto the server as Administrator, but DNS and AD reported errors and wouldn't open.

The fix for my situation was to do the following:
- Reboot and press F8 when booting to get Safe Mode boot options
- Select "Directory Services Restore Mode"
- In Windows (Safe Mode), I used my tape backup software (BackupExec 8) to restore the System State (including registry)
- I did this restore from a good backup from a date before I ran combofix

My backup software (BackupExec) wouldn't work initially in Safe Mode. In Safe Mode, I had to go to Services and open properties on each BackupExec service. In properties, I had to click the Logon tab and select "Use Local System Account" and then manually start these services to get my backup software to run in Safe Mode.

After the system state was restored, I rebooted the Win2000 server in normal mode and Active Directory and DNS were working again.

Here are Microsoft's directions on restoring the system state. These instructions use the Windows built-in backup software. When in Safe Mode, use your own backup software to do the system state restore (step 6 in the restore directions on the following page).

At least this worked for my situation.
