Re: Windows SBS 2003 blue desktop!!

I am serious. My suggestion is a basic and formally accepted security
practice. Your server has been compromised _nothing_ on it can be trusted.

Want some more good news? As a DC it had access to every PC on your LAN.
Their HDD's should be removed and destroyed also.

The system should only be brought up in isolation and anything transferred
from it regarded as suspicious. Better yet not to even attempt to run the
OS, just grab the data.

"Jose Alves" <JoseAlves@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FE3899D5-B8A9-4CD7-8785-5896D2BBAF2B@xxxxxxxxxxxxxxxx
Please this is not a joke... be serious.

Format it's not enough?? "drives should be removed and destroyed " are
you
joking? do you understand what are you talking about?

Format it´s a option that i don´t want to do, but i´m sure that it solves
the problem...

Please, help me someone who have some experience with this issue.

thanks

"SuperGumby [SBS MVP]" wrote:

Your server has been compromised, FORMAT C: is not enough to be sure of
curing it, the drives should be removed and destroyed (after using some
mechanism to get _only_ DATA off them).

If you insist on retaining an untrustworthy installation try starting in
'Command Prompt' or off a BARTPE CD, delete the content of c:\documents
and
settings. Though this will introduce its own problems it may get the
system
up to a point where you can copy data off then flatten it.

NOTE: I said that delete will introduce its own problems.

"Jose Alves" <JoseAlves@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:35353AEC-A70F-4989-8C84-26C2A89438F8@xxxxxxxxxxxxxxxx
Hi.
I have a windows sbs 2003 that was infected wih some different virus
(trj/agent.hfm, downloader.rlv, w32.perlogva)

Before and after virus removal (scan "c:\" of server over the network
with
updated panda clientshiled installed in a windows xp ) i have one BIG
problem, that it´s after doing "ctl-alt-del" and logon as administrator
the
desktop does not show. It only show a screen with blue background. If i
do
"ctrl-alt-del" i can select the task manager or end session ( the
normal
options).

The network it´s ok and client machines comunnicate with server with no
problems .

With task manager i have executed the "mmc" comnand and access to
"active
directory users and computers" snap-in. I´ve creatde a new user with
administrator rigths, but when i logon with this new user i have the
same
problem.

Please help.

Thanks in advance,
Jose Alves






.