Windows 2003 Server with Backdoor Trojan



#166
rahanna


    Member

  • Topic Starter
  • Member
  • 96 posts
Ron,

I can open the Event Viewer but cannot open the Event properties.

I did force a Disable on [Sens] ... sc config sens start= disabled > SUCCESS

BTW - One thing I noticed is that the file dates have been reset to dd/mm/yyyy

Yes ... There is a Last Known Good Configuration listed in the Safe Mode options ...

I am running OTL now and will provide you with the results as soon as they pop ...
  • 0



#167
RKinner


    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
If you save the event log from System how big is it? Could you zip it up and email it to me? I'll send you my email in a PM
  • 0

#168
rahanna


    Member

  • Topic Starter
  • Member
  • 96 posts
OK ... OTL is still scanning through the Event log ...

As soon as it is done, I will get the System Log to you ...

Thanks,
  • 0

#169
rahanna


    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Ron,

Did you get the OTL and System Log files ???

Please let me know ...

Thanks,
  • 0

#170
RKinner


    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
When you get back into regular mode, run OTL again just like before.

Run OTL (Vista or Win 7 => right click and Run As Administrator)


Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


The Extras log shows the latest errors.
  • 0

#171
rahanna


    Member

  • Topic Starter
  • Member
  • 96 posts
Ron ...

The server is logged in normal mode but still not running as expected ...

NO IE / No Windows Updates / No Shared Drives available to users ...

I am running OTL right now and will get you the results ...

Thanks,
  • 0

#172
RKinner


    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Does Query Sessions show anything?
  • 0





