Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 2000 server Down


  • Please log in to reply
1 reply to this topic

#1 mindquake

mindquake

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:15 AM

Posted 12 February 2009 - 01:33 PM

I have a Compaq Proliant ML370 running Windows 2000 server.
It allows me to login but then gives me a blank desktop. When I use Task manager in an attempt to browse to my system drive I am unable to run explorer.exe. The infection has diabled system related executables on the server. I can not access the internet to run an online scan either.

So far I have tried the following:
  • Cant get to a command prompt, control panel or any administrative function on the computer
  • Removed the infected drives & installed another in order to install fresh copy of Windows 2000
  • After the new Windows 2000 install I then applied sp4 and 79 Microsoft critical updates.
  • I installed a trial version of Kaspersky Enterprise AV Software on the server
  • I have unplugged the server from the network
Everything seemed to run fine after installing the new copy of Win 2000, until I added the infected drives, which I did scan with the Kaspersky software, however soon after the scan I started seeing signs of infection on my new drive. My NIC does not appear to be working and now Kaspersky Administration shows that I have an IP address of 127.0.0.1.

The infection appears to have originated from a TAX program update.

At this point, I can login to the server with the new drive I created, and I can see the other drives. I am afraid I will lose my ability to perform administrative tasks over time (just like the original system drive did).

Just a note, almost all of the client computers on this network have been infected as well.

I need help disabling this virus, and getting my server back up and running.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,806 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:15 AM

Posted 13 February 2009 - 11:25 PM

I am moving this from the HiJack This forum to the Am I Infected forum as no logs have been posted. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users