sdbot recovery issue IPC$

[redapples]

I have a small wireless network which has been infected by sdbot and I am now having a few problems.

the IPC$ remote IPC is removed each time I boot up which causes the share of the laptop acting as server to fail and the shared printer to fail also. I add IPC$ and all is well but this is problematic as I must do this each time I log in.

What I have done
1.run a virus scan a removed the virus
2. found the registry key for syslnt32.exe (the offending file) and deleted it for HKLM/Software\Microsoft\Windows\CurrentVersion\RunServices
Still to do

"The worm disables default admin shares (such as C$, D$, and Admin$) on WinNT/2K/XP systems by setting two registry key during a null sesssion:
values:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
lanmanserver\parameters "AutoShareServer" = DWORD:0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
lanmanserver\parameters "AutoShareWks" = DWORD:0
A registry key is set to disable the enumeration of shares HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Lsa "restrictanonymous" = DWORD:1 "

the preceding is provided by NAI but it is not clear what to do with these registry settings. should I change the setting or delete the settings?

How can I ensure that Remote IPC is conficured on this laptop to preserve the share of resource?

Questions, questions I have been at this a while and each piece of information I get seems to be different. Please help. Will try anything at this point, short of throwing it out the window!

"anyone... anyone... is there anyone there?" Orson Welles, War of the worlds

Want the best answers? See FAQ181-2886

 

[redapples]

Righto seems I had a file svhost.exe running causing me all my problems hadn't spotted the clever spelling adjustment. Doh!


Want the best answers? See FAQ181-2886