2nd Posting - Please Help

  • Thread starter Thread starter Mark Griffiths
  • Start date Start date
M

Mark Griffiths

Hi, Sorry for this but I'm DESPERATE!!!

I posted this a couple of days ago, but as of yet, no response.
Thought I'd add a few other things that wont work in normal boot mode to see
if it helps throw any light on this problem.

When trying to get into "Add Remove Windows Components" it say "Please Wait"
and hangs.

I tried to change a setting in Exchange for the SMTP service and stopped it,
and now cant start it again.

This is all because of (I think) some viral infection that's still hanging
around.

Also at boot time is says "Bad BOOT.INI". Starting from C:\WINNT.

I think I may have to reload op system, but don't really want to go down
that road if someone can suggest an alternative.

I've run an online scan from www.housecall.antivirus.com (trend) and that
comes up clean, but somehow, I dont believe it.

Original posting was:-
Hi All,
Can someone please help with the following problem?

We have a customer who has SBS2000 installed on a HP Server TC2100.
All seemed to be working fine until they had a few virus attacks (Bagel,
Doom and Netsky).
We used Symantec's patches to clean the system, but since then whenever you
try to right click on Network Places, the system freezes. You can only then
get into Task Manger and shut down the process.
Trouble is, they've just moved ISP's and I need to get to the network
connection to reconfigure the 2nd NIC's IP address.

I can do this if I boot into safe mode with networking, so it must be some
rogue process that's interfering somewhere.

Can anyone suggest where I start looking please.

All/Any help very much appreciated, otherwise I will have to rebuild the
machine, and I don't particularly want to do that.

Best Regards and TIA
Mark
 
Probably nobody helped you because they thought you didn't want to hear the
answer: A careful system rebuild, starting from a known clean boot diskette
or CD, is the only answer. Your system is blown.

Standard sermon #2: after the rebuild, *immediately* get, update, and run a
security suite such as (all freeware, but more flexible versions of AVG
antivirus and Ad-Aware are available for pay) AVG antivirus, Ad-Aware,
Sygate Personal firewall, SpyBot Search & Destroy, Spyware Guard, and
Spyware Blaster.

Naviscope, PopDown, Google Toolbar, and Star Downloader (all freeware) can
also be useful Internet tools.

Upgrade to Internet Explorer 6 and set its security settings to High.
Install any Critical patches at Windows Update. Then set it aside except for
the sites that require IE (Windows Update for example), get Mozilla FireFox
and/or Mozilla Suite (both open source and free), and forget about IE. Join
the Mozilla newsgroups and learn these fine programs. Live with their bugs
(mostly minor) while the volunteers refine the software.

Go to Windows Update after the rebuild and install all the Critical Updates.

If this is a server or other widely accessed system, you may need to look
into a hardware firewall, but that's beyond my pay grade.

If this is a paying client, remind them that if they don't do this, they'll
only be paying you again in a month or two. I had a client whose computer
was riddled with viruses. I noted she had turned off the firewall. Why? So
she could check her AOL email at home. AOL wouldn't let her past her own
firewall.

I cleaned up the computer as best I could (she would not allow a rebuild),
installed the suite of tools above, and updated and ran them all. A week
later, I came back and found she had turned off the new firewall. Why? So
she could check her AOL email at home. I fired her as a client.

Today her powerful computer continues to run like molasses uphill in
January--because she simply will not follow security procedures. She hates
that, but she won't allow it to be fixed.
 
Mark. I really don't understand how you can be "attacked" from these viruses. They all require user intervention to "attack." In my opinion getting your system working correctly will do nothing for you. You need to set up a protocol for the users so that this issue does not happen in the future. What I would do is start from the beginning with a fresh secure install and make sure the users understand the new protocol. Once damage such as this is done it is fruitless to "fix" the issue. It may be done but the systenm will always be in a precarious state and NOT one I'd administer.
 
Thanks you guys, just as I thought really, but like you said, didn't want to
hear it.
Oh Well, here goes then!

Thanks Again for your guidance and Best Regards
Mark
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top