Definitely I'm out of shape, since I've been trying to remove a virus which creates false Windows services and I haven't been able to.
My result was an out-of-service domain controller, luckily not a production one, just one in my class, but my students aren't happy about the info lost during the issue. I did it the old way, finding the registry entries and deleting them, but I did something wrong since the server never booted again. It's really rare that I can't boot the server. It's like the virus left something in the MBR.
I also give sporadic support to some companies, and I have a server with similar symptoms. I don't want to cause the same damage that knocked out the domain controller. So I want to hear some suggestions about which virus it could be. I was told it could be Conficker, but I haven't read that it creates false Windows services.
Did you try F8 (sometimes F12) to bring your computer back to a previous state? When you start the computer, just keep pressing F8 until the list of solutions comes up. Then go down to "Last good known configuration" (or something like that) and press Enter. This will bring your computer back to a time before the virus came. Of course, in some situations this does not work.
Windows 2003 Server doesn't have a Service Pack 3. I'm not talking about XP. I give server support, not PC support. (I leave PC support to people with more daily time.)
Last good known configuration isn't a good idea in most server cases either.
It seems not to be Conficker.
I recently had an experience with a virus on a laptop (my parents', the only case where I offer PC support), and it was hidden in the system volume. The only way to remove it was using the tool to free disk space (included in Windows) and selecting to delete previous states except the last one (it freed lots of disk space and removed the virus). But that virus didn't create services with strange names.
Thanks for the feedback. I'm getting in shape again.
I agree that the Win 2k3 server OS doesn't have a Service Pack 3. But I think the people who are handling server-class machines are very careful about backups. If you have a backup of the system state and data, just restore it on the domain controller and let the virus say, "Bye bye"...
I am not sure what you meant by system volume, but I think that for removing viruses, no matter where they may be on the hard disk, antivirus programs are available. If you mean System Volume Information, that is also just on the hard disk, right?
What antivirus are you using, and is it a free or paid version? If you have a paid version you can call in for support. Their techs can walk you through getting fixed up.
Also, many antivirus programs have the ability to create a boot disk that you can use to scan your system before the operating system loads. If you didn't create one, you may be able to get your antivirus company to send you one.
Honestly, the best way would be to format your hard drive, but you could scan... If it's not truly a virus, your antivirus software won't be able to remove it. You'd need anti-malware. I also suggest you make backups after you get rid of this worm/virus.
I would suggest you back up and format instead of spending days trying to figure out what went wrong.
How about System Restore? It always comes in handy. Good luck finding your virus.