NT 4.0 Server File Question

Discussions about anything Computer Hardware Related. Overclocking, underclocking and talk about the latest or even the oldest technology. PCA Reviews feedback
Post Reply
User avatar
wvjohn
Posts: 9238
Joined: Wed Nov 22, 2000 7:09 am
Contact:
Contact wvjohn

NT 4.0 Server File Question

Post by wvjohn »

ok, here's the deal

installed ncafee virus suite on one of the servers at work
it find 3 viruses


1 is sircam in an autoexec file on the non-boot partition and it goes away without any problem

2 are the same virus - don't have it here - one in c:admin.dll, other d:admin.dll

cannot repair, recommends delete file and replace with clean version

i guess my question is whether admin.dll is a "native" nt 4.0 file, if so how would you extract/replace it?

i went through the nt disks and the nt "unhelp" and didn't find anything promising

i did find an admin.dll in an "arcserver" or similar directory though

little bit over my head here :)

thx
<a href="http://www.heatware.com/eval.php?id=123" target="_blank" >Heatware</a>
Top
User avatar
FlyingPenguin
Flightless Bird
Posts: 33162
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:
Contact FlyingPenguin

Post by FlyingPenguin »

Running NT 4.0 Server SP 6a here at home. Only file by that name on this system is buried several folders deep in the in the Frontpage 3.0 folder in program files folder.

If the file is not in that location, it might be a dummy file created by the virus. Many viruses create a fake system file.

I ALWAYS recommend you go to McAfee's or Symantec's online virus reference on their sites and lookup the details about ANY virus you find on your system. Many viruses require MUCH MORE than just a simple cleaning. Some viruses make dummy files, or hide backups of themselves in the recycling bin. Sometimes just a cleaning won't remove it - you have to delete entries in the registry.

As long as the file is not being used, you should be able to delete it and then replace it by extracting the original file from the last service pack (if it's on there) or from the original NT CD.

Instructions here: http://service4.symantec.com/SUPPORT/ts ... 2615305306

If you restore it from the CD you should re-install the latest service pack afterwards.

If you're not using Frontpage 3.0, or running a web server using front page extensions, I wouldn't worry about it - just delete it.
---
“The Government of Spain will not applaud those who set the world on fire just because they show up with a bucket.” - Prime Minister of Spain, Pedro Sánchez

Image
Top
User avatar
wvjohn
Posts: 9238
Joined: Wed Nov 22, 2000 7:09 am
Contact:
Contact wvjohn

Post by wvjohn »

thanks fp, not running front page or webserver - i suspected it might be a virus "r" us type file - i'll check the mcafee web site and see what they say and then nuke the sucker if that's the way to go.....

btw, checked the model ariplane stuff on your website the other day - cool stuff - there's an rc club around here that does local airshows - the kids love the b-17 that drops candy and of course, the flying lawnmower and the flying witch :)
<a href="http://www.heatware.com/eval.php?id=123" target="_blank" >Heatware</a>
Top
Post Reply

Return to “General Hardware”