I have windows 2000 Server running with Terminal Services. Someone got onto the server and was looking at shady websites here at my office. Anyway the server was highjacked with Some type of spyware\junk. Now when I try to log on I hit CTRL\ALT\DEL at the logon screen, enter my username and password, hit ok, and then it appears as if it is going to log in but then just goes directly to saving system settings and the logon screen just reappears. I can not log in at all...it just goes directly back to the login screen. Does not matter what user name I use, Or safe mode or anything. I have access to the servers registry and can browse the file system through one of my other servers. I can also access services from another server, but I cant find anything wrong and dont know what is causing this! PLEASE HELP!
I am Desperate! Please help! WIN 2K Server!
- Thread starter kerndads
- Start date
KB
Diamond Member
- Nov 8, 1999
- 5,406
- 389
- 126
Look in the startup folder (All users and Administrator) and the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key for a mention to shutdown.exe. It is possible the spyware put a reference in these areas to shutdown -l, the command for logging off.
Does the Event Log have anything useful in it? Are there any errors? System errors may mean you have some corruption and will need to reimage. Look in the security event log. If it shows a user logging it, then immediately logging out, then my hunch about shutdown -l may be correct. Good luck.
Does the Event Log have anything useful in it? Are there any errors? System errors may mean you have some corruption and will need to reimage. Look in the security event log. If it shows a user logging it, then immediately logging out, then my hunch about shutdown -l may be correct. Good luck.
I checked the Run Folder in that key and it is empty. I see no entry in the event viewer for any log offs or log on attempts even though there were attempts. There are some errors in the event log (system) They have to do with ntrfs and certain dns errors (the dns errors I am pretty sure are not related. The funny thing is the server runs fine, It is still doing everything it should be I just cannot bring up the desktop or log in at all! I am at my wits end here! SOmeone please help me!!! I will be eternally grateful! This machine is our terminal server and my boss is going away soon and he will need to log into it to work while he is away..so If it is not up and running by then it could mean my JOB!! Anyone else with any info whatsoever please let me know!!! I also do not have a win 2k server cd..or I would reinstall! I lost the disk and I could never get a replacement in time...I also do not have an image of the server! UNFORTUNATELY!!!
Although this sounds like the problem you have, I'm sure it's not that simple
Users Unable to Log On Locally to Terminal Services Computer
In the absence of any other suggestions, what about creating a new user account with local logon rights and administrative priviledges?
Users Unable to Log On Locally to Terminal Services Computer
In the absence of any other suggestions, what about creating a new user account with local logon rights and administrative priviledges?
http://www.winxptutor.com/wsaremove.htm
http://www.experts-exchange.co.../WinXP/Q_21138228.html
Google is your friend...but I'll give you a hint - spyware plus inability to login as you describe sounds like a problem with winlogon and your registry. The two links above detail how to fix this.
Tim
http://www.experts-exchange.co.../WinXP/Q_21138228.html
Google is your friend...but I'll give you a hint - spyware plus inability to login as you describe sounds like a problem with winlogon and your registry. The two links above detail how to fix this.
Tim
KB
Diamond Member
- Nov 8, 1999
- 5,406
- 389
- 126
You did reboot right?
Did you run any spyware removers? There was a problem with adaware that resulted in the same behavoir in Windows XP:
http://www.duxcw.com/yabbse/in...threadid=7407;start=15
Did you run any spyware removers? There was a problem with adaware that resulted in the same behavoir in Windows XP:
http://www.duxcw.com/yabbse/in...threadid=7407;start=15
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter