PCA Forums

Where the old farts gather
https://www.pcabusers.org/phpbb3/

NT 4.0 Server File Question

https://www.pcabusers.org/phpbb3/viewtopic.php?f=3&t=17707

Page 1 of 1

NT 4.0 Server File Question

Posted: Mon Mar 18, 2002 10:06 pm
by wvjohn
ok, here's the deal

installed ncafee virus suite on one of the servers at work
it find 3 viruses


1 is sircam in an autoexec file on the non-boot partition and it goes away without any problem

2 are the same virus - don't have it here - one in c:admin.dll, other d:admin.dll

cannot repair, recommends delete file and replace with clean version

i guess my question is whether admin.dll is a "native" nt 4.0 file, if so how would you extract/replace it?

i went through the nt disks and the nt "unhelp" and didn't find anything promising

i did find an admin.dll in an "arcserver" or similar directory though

little bit over my head here :)

thx

Posted: Mon Mar 18, 2002 10:39 pm
by FlyingPenguin
Running NT 4.0 Server SP 6a here at home. Only file by that name on this system is buried several folders deep in the in the Frontpage 3.0 folder in program files folder.

If the file is not in that location, it might be a dummy file created by the virus. Many viruses create a fake system file.

I ALWAYS recommend you go to McAfee's or Symantec's online virus reference on their sites and lookup the details about ANY virus you find on your system. Many viruses require MUCH MORE than just a simple cleaning. Some viruses make dummy files, or hide backups of themselves in the recycling bin. Sometimes just a cleaning won't remove it - you have to delete entries in the registry.

As long as the file is not being used, you should be able to delete it and then replace it by extracting the original file from the last service pack (if it's on there) or from the original NT CD.

Instructions here: http://service4.symantec.com/SUPPORT/ts ... 2615305306

If you restore it from the CD you should re-install the latest service pack afterwards.

If you're not using Frontpage 3.0, or running a web server using front page extensions, I wouldn't worry about it - just delete it.

Posted: Tue Mar 19, 2002 7:04 am
by wvjohn
thanks fp, not running front page or webserver - i suspected it might be a virus "r" us type file - i'll check the mcafee web site and see what they say and then nuke the sucker if that's the way to go.....

btw, checked the model ariplane stuff on your website the other day - cool stuff - there's an rc club around here that does local airshows - the kids love the b-17 that drops candy and of course, the flying lawnmower and the flying witch :)
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited