ServSecurity Service Path Changed

Rhea Urusky

We are having trouble accessing AD as administrator. Our ServSecurity
service is not running because the path has been changed. We had some
backdoor trojans which we have removed but problems still remain. Where do
we go in the registry to change the path back?
Thanks.
 
Well, services are defined in HKLM\System\CurrentControlSet\Services. Look
for the corresponding registry key. ServSecurity? First time I hear of this
service. This is not a Windows default service.

--
Regards

Matjaz Ladava, MCSE, MCSA, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com
 
Do you have any idea where this service might be from? We are having
problems getting into AD. We noticed this service is not running so when we
checked the path it was set to a path on our Novell server and no such files
exist on that server. However the file does exist on the Win2000 server in
the same path. We have also had some backdoor trojans on this server which
have been deleted, but we still can't get into AD. We didn't configure this
server ourselves and are not that familiar with Win2000 server. We are
trying to determine what is wrong so we can fix it. We get the logon
attempt failed error when we try to access AD Users and Computers. All we
have received as a response to our questions is that it is probably
something in DNS. But how do we find what in DNS?? We use this server for
internet access and for terminal services, that's all. It has two network
cards. Is there some article or some other resource to help us determine
what may be configured incorrectly? Could a hacker have changed something?
We don't change anything except add users when needed. Thanks for any
insight.
 
Can you post the file and path where this service is pointing to? This would
help clarify if this is some kind of backdoor Trojan. You could also run
dcdiag and netdiag on your server to see if it has any other issues with
Active Directory and the network.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com
 
The path was set to F:\Winnt\System 32\rpcproxy\ServeSecurity.exe. However
the F drive is mapped to our Novell server. There is such a file on the C
drive in the same path: C:\Winnt\System 32\rpcproxy\ServeSecurity.exe.
 
Drive mappings are per user, so services don't see mapped network drives. I
cannot find any reference on what this service does, but I'm quite sure
that it is not Windows native. Based on the fact that this system was hit by
trojans, it would be advisable to rebuild it.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com
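
Added example, not part of the thread: a Python check over `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath` output that flags services whose binary sits on a non-local drive letter or a UNC path, or whose name is absent from a known-good list. The sample output, the `LOCAL_DRIVES` and `BASELINE` sets, and the `ExampleShare` entry are constructed assumptions; only the ServSecurity path comes from the posts above.

```python
import re

LOCAL_DRIVES = {"C"}      # assumption: the only fixed disk on this host
BASELINE = {"Dnscache"}   # assumption: service names from a known-good build

# Constructed sample in the layout printed by the reg query command above
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k NetworkService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServSecurity
    ImagePath    REG_EXPAND_SZ    F:\Winnt\System 32\rpcproxy\ServeSecurity.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleShare
    ImagePath    REG_EXPAND_SZ    \\fileserver\tools\svc.exe
"""

VALUE = re.compile(r"^\s+ImagePath\s+REG_(?:EXPAND_)?SZ\s+(.*)$", re.I)

def parse(text):
    # Map each service key name to its ImagePath string
    services, current = {}, None
    for line in text.splitlines():
        m = VALUE.match(line)
        if line.upper().startswith("HKEY_LOCAL_MACHINE\\"):
            current = line.rstrip().rsplit("\\", 1)[-1]
        elif m and current:
            services[current] = m.group(1).strip()
    return services

def findings(services):
    """Return {service: [reasons]} for entries that deserve a closer look."""
    out = {}
    for name, path in services.items():
        reasons = []
        target = path.lstrip('"')          # quoted paths start with a quote
        drive = re.match(r"([A-Za-z]):\\", target)
        if target.startswith("\\\\"):
            reasons.append("UNC path")
        elif drive and drive.group(1).upper() not in LOCAL_DRIVES:
            reasons.append("drive %s: is not a local disk" % drive.group(1).upper())
        if name not in BASELINE:
            reasons.append("not in baseline")
        if reasons:
            out[name] = reasons
    return out

if __name__ == "__main__":
    for name, reasons in findings(parse(SAMPLE)).items():
        print(name, "->", "; ".join(reasons))
```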
 