Cannot logon to windows 2000 server

  • Thread starter Thread starter Kidd
  • Start date Start date
K

Kidd

I had a recent battle with a trojan (Optix Pro). Finally
removed it but the result is non of the workstations can
log on to the server ("The domain password you supplied is
not correct, or access to your logon server has been
denied"). Already tried releasing a renewing IPs.
rebooting, repearing the Windows 2000 Server installation
with the ERD. Non of this worked. I get a message in the
event log: "The Simple Network Agent failed to start
beacuse of a missing file", the link to this service
pointed to a file that was deleted due to infection. I
don't think it was a system file as it would have been
restored by the SFC /scannow operation I also performed,
as well as the repair OS.

But so far nothing has worked, any clues, I'm going
completely nuts.....

Help appreciated.

Mr. Kidd
 
If you are talking about a domain controller, run dcdiag on it and netdiag on
one of the workstations to see what failed tests are reported. These utilities
are on the install cdrom in the support/tools folder where you will need to run
the setup there. I hope you have a recent clean backup of at least the System
State. Other events in Event Viewer may help determine what to do. Be sure to
check that dns is running and configured properly, with DC pointing to itself
and all domain members pointing to it as their preferred dns server in tcp/ip
properties. It may help to try restoring security settings back to default as
described in KB below. Possibly users passwords were changed during the attack,
try resetting password for a user to see if it helps. An upgrade installation
may also be another option to try, which will require you to reinstall service
pack firsts and then all critical updates. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q292175 -- back up the
System State first.
 
:
: I had a recent battle with a trojan (Optix Pro). Finally
: removed it but the result is non of the workstations can
: log on to the server ("The domain password you supplied is
: not correct, or access to your logon server has been
: denied"). Already tried releasing a renewing IPs.
: rebooting, repearing the Windows 2000 Server installation
: with the ERD. Non of this worked. I get a message in the
: event log: "The Simple Network Agent failed to start
: beacuse of a missing file", the link to this service
: pointed to a file that was deleted due to infection. I
: don't think it was a system file as it would have been
: restored by the SFC /scannow operation I also performed,
: as well as the repair OS.
:
: But so far nothing has worked, any clues, I'm going
: completely nuts.....

Have you reapplied the latest SP? Never delete infected files without
making backups. Quarantine is better. If it tells you the file, which one
is it? Did you replace it? Microsoft doesn't usually toss you a few extra
files just in case you might need them one day. (O:=

You said 'it would have been restore'. Well, was it?

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
 
Back
Top