Windows NT Server Hit By Virus’

Tags:
Microsoft Windows
Servers
Immediate help is needed. Our NT web server has been hit by several virus'. We tried to clean it out but were unsuccessful because the processes must be stopped before doing so. We tried to stop them but they respawned immediately. How do we start NT in safemode? Your help is appreciated.

Answer Wiki

Thanks. We'll let you know when a new response is added.

what version of NT are you running?

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Michont
    From what I remember, NT 4.0 has no safe mode. You can boot to vga mode, which may not start the services, I don't remember honestly. There is also a "last known good" option you can try. Otherwise, it might be best to promote the backup domain controller to primary then reinstall the o/s on the one in question. I'm assuming you have your data backed up.
    25 pointsBadges:
    report
  • Rjournitz574
    Unfortunately there is no real way to start NT in safe mode. You could try using last known good configuration but it sounds as though you may have already rebooted and logged in on the server. If so that kills the last known option. I would try using the tools that can be found at http://securityresponse.symantec.com/avcenter/tools.list.html in trying to clean the server up. Outside of that you may want to consider restoring the last good backup you have of the server. Additional note, hope you have this server segregated from the rest of your network else it may infect other systems. Good Luck Randy
    0 pointsBadges:
    report
  • Dwiebesick
    I would build a bootable CD and run several online virus scans from that enviroment. You can do a google search for these types of CDs but here are some that I use all the time: The must have Bart's CD found at http://www.nu2.nu/pebuilder/ and you can add many plug-in that increase the power! Another excellent CD found at http://ubcd4win.co Try these on line scanners: http://www.trendmicro.com http://us.mcafee.com/root/mfs/default.asp?affid=294 http://www.pandasoftware.com/activescan/ http://www.ravantivirus.com/scan/indexie.php http://www.bitdefender.com/scan/licence.php When you build a bootable CD, you NT will not be active and you will be able to do a full system scan. You can also download autoruns from www.systernals.com to determine what programs/processes are set to automaticaly start on bootup. Let us know if you need further assistance. dwiebesick
    2,235 pointsBadges:
    report
  • Howard2nd
    1st "DISCONNECT" the network cable, and leave it disonnected until virus scanner runs a clean report. 2nd Now would be a really good time to consider upgrading to Windows 2000/20003 or Linux with Apache. 3rd Since NT4 et Al is no longer supported: 1 - when you get it back up make an image backup for future restores. 2 - an excellent firewall / anti-virus package is mandatory or you won't own the system from one day to the next. 3 - There are some exploits that are unpatched and REQUIRE 3rd party solutions (i.e. SMTP). Good Luck.
    30 pointsBadges:
    report
  • Bobkberg
    My favorite last-ditch method is a little harder than many, but I keep an old Pentium II box around which has been modified to have a separate disk controller with cables coming out of the box onto a ground plane (tied to the chassis) so that I can connect a "guest" hard drive to it and run all the anti-virus, and other scanning tools on the guest system without allowing the infected system to operate. As other have suggested BartPE and BootPE are alternative methods if you don't have a spare box, but I like my system because I can do drive clones, high-end (meaning paid-for) utilities of various sorts without the install/uninstall headache and such. But, if you're working with servers, you'll need IDE, SCSI, SATA controllers to deal with everything Bob
    1,070 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following