Remove Service Dependencies

  • Thread starter: Guest

Got hit with Hacktool Rootkit the other day, after a lot of yelling at my
monitor and pulling hair I got rid of the files, unfortunately one of the
files was named regsvcs.exe (not to be confused with regsvcs.exe for .NET) in
the system32 directory and it made the Server and Workstation services
dependent on it, so now they won't start.

My question is, how do I remove the dependency from those 2 services so they
will start?
 
After backup, delete the REG_MULTI_SZ strings 'DependOnService' from:

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver
HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Got hit with Hacktool Rootkit the other day, after a lot of yelling at my
| monitor and pulling hair I got rid of the files, unfortunately one of the
| files was named regsvcs.exe (not to be confused with regsvcs.exe for .NET) in
| the system32 directory and it made the Server and Workstation services
| dependent on it, so now they won't start.
|
| My question is, how do I remove the dependency from those 2 services so they
| will start?
| --
| Thanks,
|
| Mike
|
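
The backup-then-edit step from the reply above, as an added PowerShell example that is not part of the original thread or any poster's own code. It goes slightly beyond the reply: instead of deleting the whole `DependOnService` value, it removes only entries that no longer name a registered service. The backup folder `C:\RegBackup` is an assumption.

```powershell
# Added example: back up the two service keys, then prune dangling
# DependOnService entries. Run from an elevated PowerShell prompt.
$BackupDir = 'C:\RegBackup'                        # assumed backup location
$Services  = 'lanmanserver', 'lanmanworkstation'   # the two keys named in the reply
$Root      = 'HKLM:\SYSTEM\CurrentControlSet\Services'

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($svc in $Services) {
    $key = Join-Path $Root $svc

    # 1. Export the key first; stop if the backup cannot be written.
    $file = Join-Path $BackupDir "$svc.reg"
    & reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$svc" $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $svc failed; nothing was changed." }

    # 2. Read the REG_MULTI_SZ value (absent value yields an empty list).
    $raw  = (Get-ItemProperty -Path $key -Name DependOnService `
                 -ErrorAction SilentlyContinue).DependOnService
    $deps = @($raw | Where-Object { $_ })
    if ($deps.Count -eq 0) {
        Write-Host "${svc}: no DependOnService entries"
        continue
    }

    # 3. An entry is dangling when no service key of that name exists.
    $keep   = @($deps | Where-Object { Test-Path (Join-Path $Root $_) })
    $remove = @($deps | Where-Object { -not (Test-Path (Join-Path $Root $_)) })
    Write-Host "${svc}: keep [$($keep -join ', ')]  remove [$($remove -join ', ')]"

    if ($remove.Count -eq 0) { continue }

    # 4. Write back the surviving entries, or drop the value if none remain.
    if ($keep.Count -gt 0) {
        Set-ItemProperty -Path $key -Name DependOnService `
            -Value ([string[]]$keep) -Type MultiString
    } else {
        Remove-ItemProperty -Path $key -Name DependOnService
    }
}
```

An entry whose service key still exists is kept, so review the printed "keep" list by hand before starting the services. The exported `.reg` files restore the original values if a legitimate dependency was removed.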
 
Good to hear. You're welcome.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave,
|
| Excellent! Thanks a bunch, that fixed it.
| --
| Mike
 
Hmmm, looks like there is still one problem left over from the rootkit, I
can't seem to map any of the drives on the server now. I can however map
drives on other servers from the server in question.

I turned off File and Printer Sharing, rebooted, then turned them back on
but still can't access the server's drives from any other networked machines.
The error I get is that the networked path could not be found.

Any ideas?

Thanks,

Mike
 
You really can't trust the server after this. You must flatten and rebuild.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hmmm, looks like there is still one problem left over from the rootkit, I
| can't seem to map any of the drives on the server now. I can however map
| drives on other servers from the server in question.
|
| I turned off File and Printer Sharing, rebooted, then turned them back on
| but still can't access the server's drives from any other networked machines.
| The error I get is that the networked path could not be found.
|
| Any ideas?
|
| Thanks,
|
| Mike
 