Re: SERVER SPYWARE / Can't log into only DC, any/all help is greatly appreciated!!!!!!!!!!!!!!!!!!!!!!!
From: DanS (t.h.i.s.n.t.h.a.t_at_a.d.e.l.p.h.i.a..n.e.t)
Date: 10/26/04
- In reply to: rickiez: "SERVER SPYWARE / Can't log into only DC, any/all help is greatly appreciated!!!!!!!!!!!!!!!!!!!!!!!"
Date: Mon, 25 Oct 2004 19:12:47 -0500
rickiez <rickiez02@yahoo.com> wrote in news:DCffd.11446$5O4.9777@trnddc07:
> I have a client whose server was infected with both "Cool Web Search"
> and "TV Media" Spyware. The server was barely functional. The local
> Admin tried running Adaware on it and every time you click to Delete,
> Adaware freezes (this seems to happen all the time w/ Adaware; any
> thoughts on that too would be nice.) After rebooting in safe mode,
> removing any noticeable links in the startup using an XP version of
> "MSConfig" and running CWShredder on it to remove "Cool Web Search" the
> server rebooted fine once...........now every time I try to log in, it
> goes to about to where you'd expect it to load the desktop and puts you
> right back to the login screen. It even does this in safe mode. The
> admin over-writes her tapes every 2 days!!!! so I can't even rebuild and
> restore a recent non-infected system state. I have access to ERD
> Commander so I can boot and edit that way (have to try using the Dell
> Perc 4 Raid driver and hope it works), but is there a way to manually
> roll back the registry or something? If I was to reinstall 2K server
> from CD and over-wrote the existing install would that work to repair
> any missing files or registry issues and would it hurt AD? Any/all help
> is greatly appreciated.............thanks so much!!!
rickiez,
this may be the link you need, about half way down the page there's a
process on how to fix this. Seems as though one of those spyware packages
may have changed a registry setting, and you need to restore a file from
the cd, if this is it.
funny thing, i work for a small company, 3 people, the owner/main
engineer is in another state and conversing is done by e-mail and phone.
works out pretty good actually :). anyway, he called me at home one
sunday night because he was at his wits' end about his main pc, it wouldn't
boot, and he did this and that, paid m$ for phone support, all in all, he
lost like 40 hours of work time fixing this. you've got to understand,
he's one of 'those' guys. not a real computer guy, he just knows enough
to be VERY dangerous. after 20 mins. of him telling me all the crap he
went thru, he told me that the whole thing started when after one of his
kids was using this pc, it had a bunch of spyware on it, and after
cleaning it, it wouldn't boot. you would start the login then it would
dump you right back to the login screen. so i sent him this link while we
were on the phone,
http://www2.geek.com/discus/messages/196/10227.html?1095917659
his reply was...'if i had only known !'
sorry.....i had to share that. i find it humorous if no one else does.
let us know.....
DanS