Problem with AD

Networking/Security Forums -> Spyware // Adware // Trojans Discussion

Author: lizam1977 PostPosted: Tue Mar 23, 2010 8:26 am    Post subject: Problem with AD
    ----
Hi,

I have 3 domain controllers and I have noticed suspicious activity in the Services console.

In 1st Server:

Service Name: dlwnimsy

Display Name: Boot Helper

Description: Coordinates transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers.

Path to executable: C:\WINNT\system32\svchost.exe -k netsvcs

Startup Type: Automatic

Service status: starting.



In 2nd server:

Service Name: efgmvc

Display Name: Center System

Description: Allows Backup Exec job engine to discover to discover .....

Path to executable: C:\WINNT\system32\svchost.exe -k netsvcs

Startup Type: Automatic

Service status: starting.



In the above cases, these services did not exist before. I suspect it is new virus or something. For these AD servers, I cannot run AD consoles (Active Directory Users and COmputers, Active Directory Sites and Services, etc.) as I get this error:

Naming information cannot be located because:

The server is not operational. Contact your system administrator to verify that your domain is properly configured and is currently online.



However, when I use my Exchange server and use MMC, I can connect to the above servers, which means the AD services are running.

I tried to boot up the domain controller server in safe mode but when I try to disable the service, I get this error: Access Denied. How do I stop this service (set startup type to Disable)?



Networking/Security Forums -> Spyware // Adware // Trojans Discussion


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group