Remove Service Dependencies

  • Thread starter: Guest

Guest

Got hit with Hacktool Rootkit the other day, after a lot of yelling at my
monitor and pulling hair I got rid of the files, unfortunately one of the
files was named regsvcs.exe (not to be confused with regsvcs.exe for .NET) in
the system32 directory and it made the Server and Workstation services
dependent on it, so now they won't start.

My question is, how do I remove the dependency from those 2 services so they
will start?
 
After backup, delete the REG_MULTI_SZ strings 'DependOnService' from:

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver
HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Got hit with Hacktool Rootkit the other day, after a lot of yelling at my
| monitor and pulling hair I got rid of the files, unfortunately one of the
| files was named regsvcs.exe (not to be confused with regsvcs.exe for .NET) in
| the system32 directory and it made the Server and Workstation services
| dependent on it, so now they won't start.
|
| My question is, how do I remove the dependency from those 2 services so they
| will start?
| --
| Thanks,
|
| Mike
|
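The backup-then-edit step from the reply above, as an added PowerShell example that is not part of the original thread. It goes a step further than the reply by listing each service's dependencies and stripping only the entries named on the command line instead of deleting the whole value; the `-Remove` and `-BackupDir` parameter names and the backup folder are assumptions made for this sketch.

```powershell
# Added example, not from the thread. Run from an elevated prompt.
# -Remove and -BackupDir are parameter names made up for this sketch.
param(
    [string[]]$Remove = @(),                                  # dependency names to strip
    [string]$BackupDir = "$env:SystemDrive\svc-reg-backup"    # assumed backup location
)

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($svc in 'lanmanserver', 'lanmanworkstation') {
    $key = Join-Path $root $svc

    # DependOnService is REG_MULTI_SZ, so it is read as a string array.
    $prop = Get-ItemProperty -Path $key -Name DependOnService -ErrorAction SilentlyContinue
    $deps = @($prop.DependOnService | Where-Object { $_ })

    # Flag entries with no matching service or driver key. A leftover key whose
    # binary was deleted still resolves, so review the full list as well.
    $unresolved = @($deps | Where-Object { -not (Test-Path -LiteralPath (Join-Path $root $_)) })
    '{0}: DependOnService = [{1}]; unresolved = [{2}]' -f $svc, ($deps -join ', '), ($unresolved -join ', ')

    $keep = @($deps | Where-Object { $_ -notin $Remove })
    if ($keep.Count -eq $deps.Count) { continue }     # report only, or no match

    # Back up the whole service key before changing it (reg.exe takes HKLM\... paths).
    $backup = Join-Path $BackupDir "$svc.reg"
    reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$svc" $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $svc failed; no change made." }

    if ($keep.Count -gt 0) {
        # Write back the surviving entries as a multi-string value.
        Set-ItemProperty -Path $key -Name DependOnService -Value ([string[]]$keep) -Type MultiString
    } else {
        # Nothing left to depend on: drop the value, as the reply suggests.
        Remove-ItemProperty -Path $key -Name DependOnService
    }
    $gone = @($deps | Where-Object { $_ -in $Remove }) -join ', '
    '{0}: removed [{1}]; backup at {2}; reboot so the change is picked up' -f $svc, $gone, $backup
}
```

Run it with no arguments first to see the current dependency lists, then pass the unwanted name(s) to `-Remove`.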
 
Good to hear. You're welcome.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave,
|
| Excellent! Thanks a bunch, that fixed it.
| --
| Mike
 
Hmmm, looks like there is still one problem left over from the rootkit, I
can't seem to map any of the drives on the server now. I can however map
drives on other servers from the server in question.

I turned off File and Printer Sharing, rebooted, then turned them back on
but still can't access the server's drives from any other networked machines.
The error I get is that the networked path could not be found.

Any ideas?

Thanks,

Mike
 
You really can't trust the server after this. You must flatten and rebuild.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hmmm, looks like there is still one problem left over from the rootkit, I
| can't seem to map any of the drives on the server now. I can however map
| drives on other servers from the server in question.
|
| I turned off File and Printer Sharing, rebooted, then turned them back on
| but still can't access the server's drives from any other networked machines.
| The error I get is that the networked path could not be found.
|
| Any ideas?
|
| Thanks,
|
| Mike
 
