So what you have is a hung box some where between logon and logoff? Jon
On Thu, May 13, 2010 at 7:09 PM, Peter van Houten <[email protected]>wrote: > Thanks Jon; I probably didn't lay out my explanation properly but I do > have remote access; it simply goes through the same login-logoff routine > as a local login. > > -- > Peter van Houten > > On the 14 May, 2010 00:58, Jon Harris wrote the following: > >> Isn't there a GPO that would turn on remote access for Domain Admins? >> If it is part of a domain and you have access to the Domain Controller >> then just have it restarted once or twice and you should be good to go. >> Jon >> >> On Thu, May 13, 2010 at 6:26 PM, Peter van Houten <[email protected] >> <mailto:[email protected]>> wrote: >> >> I have a XP Pro [fully patched :-) ] box on a network that has been >> infected (probably Virut). It is the classic login...loading your >> personal settings...logging off scenario. >> >> Recovering the data and fixing the malware problem is easy. The real >> problem is that the box is 300 miles away, so I am trying to avoid >> flying there tomorrow, just before the weekend. >> >> What can't be done / makes no difference: >> ----------------------------------------------------------- >> 1) Login locally (admin credentials make no difference) >> 2) Login remotely using RDP or VNC, directly via VPN or via another box >> on the remote network (goes through the motions as above). >> 2) Start in any form of safe mode. >> 3) Restore to earlier date, last known good config. >> 4) Map drives to *any* shares from another box >> 5) Use any clever login scripts on the server >> 6) Use psexec to run anything remotely. >> 7) Instruct the user to step through anything technical :-( >> >> What can be done: >> -------------------------- >> 1) Ping the box >> 2) Netbios is enabled, so it shows in network >> 3) Scan the IP and show ports 139 and 445 open >> 4) Open and close a null RPC connection (enum, etc not helping) >> >> My hope is that one of you boffins has a script that will, via RPC turn >> on the telnet server, open port 23 and let me copy a document from the >> desktop [aarrgh] to USB. Or something equally as clever... >> >> TIA but please no advice on malware, >> >> -- >> Peter van Houten >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
