Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virus Problem with W2K: Need ERD guidance 1

Status
Not open for further replies.
ptazbaz

ptazbaz

IS-IT--Management
Jul 30, 2004
3
US
Hello All,

I have an interesting problem with my W2K Server install. The system was compromised with a number of trojan viruses. I suspect that even though I removed them all, one or two are lingering in the system and boot servcies. The system is very slow to respond after bootup and is constantly pegged at 100% CPU maxmimation. I am concerned that if I try to create an ERD after bootup, it will just copy the same infected files onto the floppy and will never resolve my issues. Can someone confirm if this is the case when creating an ERD. If it only copies files from the repair folder and does not copy my actual system files, then I will do it. Otherwise, I am wondering if it is possible to create the ERD from the W2K server install CD directly versus an installed system. I cannot use the W2K CD directly during bootup of the infected system becuase for some reason, my CD drive on the infected system will not read it. I was thinking about using another non-W2K machine to read the W2K Server CD and create the ERD from it, if it's possible. Any input is much appreciated.
 
Sort by date Sort by votes
I have a question for you.

How come you don't just check and see what process is using your computer resources and then work on removing the program that is responsible for that process? I might be wrong, but I would try to fix the machine before making any erd disks. I have had some similar problems before and I had to identify the process responsible, then do a google search to find out what that process is for. If it is a knows virus you will find some info on how to properly remove it. Sometimes you have to edit the registry to get these things to go away.
 
Upvote 0 Downvote
The problem is that the process that is 100% pegged is the System process itself, which is a critical Windows service that cannot be disabled. I have already looked at disabling all non-important processes, but am still having issues.
 
Upvote 0 Downvote
Place the disk in another machine, scan it with multiple AV scanners, first thing. Do not try to run or access files on the disk until the mutiple scanners come up clean. Run adaware and spybot on the disk before placeing it back in the server.If you have any other disks on the server they must be scanned also. An ERD after you have viruses will do little. The infection might hit the ERD, but will still be in Os files, ERD or not, even if they are not in the repair folder. Viruses can also jump to special partitions, placed on the disk by the server manufacturer. Rare, but viruses can infect the bios
 
Upvote 0 Downvote
Ok, I had one more idea that I wanted to run by the group. If I create the ERD on a W2K professional machine that I know has no viruses, can I use that W2K Pro ERD disk to restore W2K Server? Thanks.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
455
gbaughma
gbaughma
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
297
suncit
suncit
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
266
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
137
DrB0b
DrB0b
lacked
  • Locked
  • Question
problem with windows update on windows server 2016
Replies
1
Views
94
maybeimaleo
maybeimaleo

Part and Inventory Search

Sponsor

Back
Top