w32.spybot.worm
- From: "Andy Harlan" <andy@xxxxxxxxxxxxxxxxx>
- Date: Fri, 24 Feb 2006 10:56:57 -0500
I have detected a nasty worm on our server as w32.spybot.worm(symantec). It
changes a couple registry key configurations controlling DCOM. It also sets
itself to run on startup. However everytime I delete these keys they come
back. I have been adding service packs and patches today but still have
problems removing this bug. It says it is a file in Winnt\system32 however
I can not see it in safe mode, command prompt. I have all files to be shown
including system files. I have a SQL database on this system at SP2. I
have updated to SP4 for Windows 2000 and am applying patches. However it
keeps disabling the DCOM and users get access permission 70 denied when
trying to access database program. Currently when I scan it does not find a
virus but the registry changes continue to to change back to disable DCOM
and restrict anonymous access = 1 in LSA.
.
- Follow-Ups:
- Re: w32.spybot.worm
- From: Steven L Umbach
- Re: w32.spybot.worm
- Prev by Date: Re: Local authentication errors on Windows 2003 Server
- Next by Date: Re: Local authentication errors on Windows 2003 Server
- Previous by thread: Group Policy Restrict All Drives
- Next by thread: Re: w32.spybot.worm
- Index(es):
Relevant Pages
|
|
