Remove Service Dependencies

Guest

Got hit with Hacktool Rootkit the other day, after a lot of yelling at my
monitor and pulling hair I got rid of the files, unfortunately one of the
files was named regsvcs.exe (not to be confused with regsvcs.exe for .NET) in
the system32 directory and it made the Server and Workstation services
dependent on it, so now they won't start.

My question is, how do I remove the dependency from those 2 services so they
will start?
 
Dave Patrick

After backup, delete the Reg_Multi_Sz strings 'DependOnService' from:

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver
HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Got hit with Hacktool Rootkit the other day, after a lot of yelling at my
| monitor and pulling hair I got rid of the files, unfortunately one of the
| files was named regsvcs.exe (not to be confused with regsvcs.exe for .NET) in
| the system32 directory and it made the Server and Workstation services
| dependent on it, so now they won't start.
|
| My question is, how do I remove the dependency from those 2 services so they
| will start?
| --
| Thanks,
|
| Mike
|
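The backup, inspect and delete sequence from the reply above, as an added PowerShell example that is not part of the original thread. It assumes an elevated PowerShell prompt on the affected server; the backup folder `C:\RegBackup` and the `$apply` switch are hypothetical names chosen for the example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$apply     = $false                      # set to $true to actually delete the value
$services  = 'lanmanserver', 'lanmanworkstation'   # the two keys named in the reply
$root      = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$backupDir = 'C:\RegBackup'              # assumed backup location
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($svc in $services) {
    $key = "$root\$svc"

    # Back up the whole service key first; stop if the export fails.
    $file = Join-Path $backupDir "$svc-$stamp.reg"
    reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$svc" $file | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $svc failed; nothing was changed." }

    # Read the REG_MULTI_SZ value; it may be absent.
    $prop = Get-ItemProperty -Path $key -Name DependOnService -ErrorAction SilentlyContinue
    $deps = @($prop.DependOnService | Where-Object { $_ })
    if ($deps.Count -eq 0) { Write-Output "${svc}: no DependOnService value"; continue }

    # Record each dependency and the binary it points at, for the incident notes.
    foreach ($dep in $deps) {
        $depKey = "$root\$dep"
        $image  = if (Test-Path $depKey) {
            (Get-ItemProperty -Path $depKey -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        } else { '<service key missing>' }
        Write-Output "$svc depends on $dep -> $image"
    }

    if ($apply) {
        # Delete the value, as the reply instructs.
        Remove-ItemProperty -Path $key -Name DependOnService
        Write-Output "${svc}: DependOnService removed (backup: $file)"
    }
}
```

With `$apply` left at `$false` the script only writes the backups and lists the dependencies, so the output can be reviewed before anything is deleted.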
 
Dave Patrick

Good to hear. You're welcome.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave,
|
| Excellent! Thanks a bunch, that fixed it.
| --
| Mike
 
Guest

Hmmm, looks like there is still one problem left over from the rootkit, I
can't seem to map any of the drives on the server now. I can however map
drives on other servers from the server in question.

I turned off File and Printer Sharing, rebooted, then turned them back on
but still can't access the server's drives from any other networked machines.
The error I get is that the networked path could not be found.

Any ideas?

Thanks,

Mike
 
Dave Patrick

You really can't trust the server after this. You must flatten and rebuild.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hmmm, looks like there is still one problem left over from the rootkit, I
| can't seem to map any of the drives on the server now. I can however map
| drives on other servers from the server in question.
|
| I turned off File and Printer Sharing, rebooted, then turned them back on
| but still can't access the server's drives from any other networked machines.
| The error I get is that the networked path could not be found.
|
| Any ideas?
|
| Thanks,
|
| Mike
 
