Server 2003 infected: can't install from MSI and AD tools will not initialize

Discussion in 'Malware Help (A Specialist Will Reply)' started by sfghadmin, Dec 11, 2012.

  1. sfghadmin

    sfghadmin Private E-2

    Dell PowerEdge 6800, Windows Server 2003. I inherited the problems, as I was not IT Manager for the last couple of years. Cannot open AD Users and Computers or other AD tools. Error: "MMC cannot initialize snap-in." Cannot install many programs (tried reinstalling Admin Tools, Malwarebytes), but you get an error that it cannot create the shortcut, so installation fails. For Malwarebytes the final error is: "CoCreate instance failed; code 0x80040154.
    Class not registered". Admin pack literally said it cannot create the .lnk files and shortcuts.

    Ran McAfee (after finding the definitions had not been updated for a year) and it found 48 infections of generic.bx!bblk but said it cleaned or deleted them. I have attached the logs of the other scanners as detailed in the how-to procedures.

    Thank you for your help. I am guessing I need to do something in safe mode to really clean this but as this is the only server in the domain now and has all of the data on it, I do not want to take any chances without direction. Thank you again.
     


  2. sfghadmin

    sfghadmin Private E-2

    Now I notice that the Administrative Tools for Active Directory do not show up in the menu anymore; they show up in an MMC, but the AD tools (Users and Computers, Domains and Trusts, etc.) will not run. Shortcuts mostly do not work anymore from the desktop, and search does not work either. When I try to run msconfig it can't find it unless I type the full path. My PATH environment variable is as follows (do you see any issues?):

    E:\Program Files\Support Tools\;C:\Program Files\PeerDirect\bin;C:\PROGRA~1\PEERDI~1\pdre\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;%OMPATH%;C:\Program Files\Dell\OpenManage\Array Manager;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;E:\PROGRA~1\DISKEE~1\DISKEE~1\;C:\WINDOWS\system32\WindowsPowerShell\v1.0;
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    There are a few items of interest in your logs:
    • The two largest issues are the below seen running:
    C:\Documents and Settings\Administrator.SFGH\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\wins.exe
    The only place smss.exe should be running from is C:\windows\system32\smss.exe. Do you have any idea why you could possibly have the one running from the C:\Documents and Settings..... folder?

    And the wins.exe file is known to be a worm that could be stealing information. For business computers this could be very dangerous/damaging and typically the safest thing to do is to format and reinstall immediately. Do you have any other info on what this is? See >> http://www.bleepingcomputer.com/startups/wins.exe-23224.html

    Do you have sensitive information on this computer that you have to worry about being stolen? Could customer information have been stolen?

    I don't understand how McAfee would not be picking up these items.
    • The next observation is the below item. Are you having any network connectivity problems? It does not seem like it, based on the fact that you are still using the server.
    O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.sfgh\windows\system32\mswsock.dll' missing
    • I see thousands of open UDP connections. Are you aware of this, and does it make sense for these to exist? Here is just a small sample:
      Code:
        UDP    mas200:50103           *:*                    
        UDP    mas200:50107           *:*                    
        UDP    mas200:50133           *:*                    
        UDP    mas200:50147           *:*                    
        UDP    mas200:50150           *:*                    
        UDP    mas200:50155           *:*                    
        UDP    mas200:50158           *:*                    
        UDP    mas200:50166           *:*                    
        UDP    mas200:50167           *:*                    
        UDP    mas200:50169           *:*                    
      There are 2605 TCP connections showing. Look in the MGlogs.zip file at the runkeys.txt log and you will see what I mean. There is a section that begins with the below header that lists all the connections.
    Code:
        ----------------------------------------------------------------------------
        Showing TCP and UDP Connections - with netstat -a                           
     
        ----------------------------------------------------------------------------
    Active Connections
     
    Last edited: Dec 13, 2012
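The two checks chaslang does by hand above (a core system binary such as smss.exe running from a path outside System32, and a `netstat -a` listing full of unexplained sockets) are easy to automate when reviewing a log bundle. The script below is an added example written for this page, not code from the thread or from MajorGeeks' tools. It parses the `netstat -a` text format shown in the post and a plain list of process image paths; the expected-location table, the allowlist of UDP ports a domain controller is normally expected to bind (53, 88, 123, 137, 138, 389, 464), and all sample data are assumptions constructed for illustration.

```python
"""Triage helpers for the kind of log review done in the thread above.

- flag processes whose image path differs from the expected location of a
  core Windows binary (e.g. smss.exe under a user profile instead of System32)
- parse `netstat -a` output and summarise it by protocol/state
- list UDP sockets bound on ports that are not on an allowlist

All sample data below is constructed for illustration.
"""
import re
from collections import Counter

# Assumption: default install on C: with core binaries in System32.
EXPECTED_SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32\smss.exe",
    "csrss.exe": r"c:\windows\system32\csrss.exe",
    "lsass.exe": r"c:\windows\system32\lsass.exe",
    "services.exe": r"c:\windows\system32\services.exe",
}

# Assumption: UDP ports a small-domain DC is expected to bind (DNS, Kerberos,
# NTP, NetBIOS name/datagram, LDAP, kpasswd). Use `netstat -an` so ports are
# numeric rather than service names when comparing against this list.
EXPECTED_DC_UDP_PORTS = frozenset({"53", "88", "123", "137", "138", "389", "464"})

# One netstat line: proto, local host:port, foreign address, optional state.
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def flag_misplaced_processes(image_paths):
    """Return (name, path) for each process whose file name matches a core
    binary but whose full path is not the expected one (case-insensitive)."""
    findings = []
    for path in image_paths:
        norm = path.strip().lower()
        name = norm.rsplit("\\", 1)[-1]
        expected = EXPECTED_SYSTEM_BINARIES.get(name)
        if expected and norm != expected:
            findings.append((name, path.strip()))
    return findings


def parse_netstat(lines):
    """Parse `netstat -a` text into dicts; header and blank lines are skipped."""
    rows = []
    for line in lines:
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, host, port, remote, state = m.groups()
        rows.append({"proto": proto, "local_host": host, "local_port": port,
                     "remote": remote, "state": state or ""})
    return rows


def summarize_netstat(rows):
    """Count sockets per protocol, splitting TCP by state (LISTENING, ESTABLISHED...)."""
    counts = Counter()
    for r in rows:
        key = "UDP" if r["proto"] == "UDP" else "TCP/" + r["state"]
        counts[key] += 1
    return dict(counts)


def unexplained_udp(rows, expected_ports=EXPECTED_DC_UDP_PORTS):
    """UDP sockets bound on ports not in the allowlist; a long list of these on
    high ports, as in the thread, is what a reviewer should ask about."""
    return [r for r in rows if r["proto"] == "UDP" and r["local_port"] not in expected_ports]


# Constructed sample data modelled on the paths and netstat lines quoted in the post.
SAMPLE_PROCESS_PATHS = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\Documents and Settings\Administrator.SFGH\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\System32\lsass.exe",
]

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    mas200:ldap            mas200:0               LISTENING
  TCP    mas200:microsoft-ds    10.0.0.17:1044         ESTABLISHED
  TCP    mas200:1056            10.0.0.23:445          ESTABLISHED
  UDP    mas200:53              *:*
  UDP    mas200:137             *:*
  UDP    mas200:50103           *:*
  UDP    mas200:50107           *:*
  UDP    mas200:50133           *:*
""".splitlines()


if __name__ == "__main__":
    for name, path in flag_misplaced_processes(SAMPLE_PROCESS_PATHS):
        print(f"MISPLACED {name}: {path}")
    rows = parse_netstat(NETSTAT_SAMPLE)
    print("socket summary:", summarize_netstat(rows))
    for r in unexplained_udp(rows):
        print(f"UNEXPLAINED UDP {r['local_host']}:{r['local_port']}")
```

On a real box, feed `flag_misplaced_processes` the image paths from the process section of the log bundle (or from `wmic process get executablepath`) and `parse_netstat` the saved `netstat -an` output; a socket count that keeps growing between two snapshots points at the same process-level question chaslang asks, namely which image owns them.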
  4. sfghadmin

    sfghadmin Private E-2

    Thank you so much for your observations. It looks like one of the scanners did pick up and clean the smss, but the wins.exe was still there. Unfortunately the old admin had not updated virus defs for over a year, but I don't know why McAfee did not pick them up now after I updated and have regular scans running.

    I have deleted wins.exe and am now running sfc /scannow to help restore missing and corrupt files. I think this should solve most of the issues, but we will see. I will check open ports after a reboot and see what is going on there. I have to assume that one of the trojans opened all those up. This server does have customer info on it, so I need to do a thorough check of everything. Even encrypted info is not good to have stolen. Luckily no credit card numbers, but names and emails and addresses.

    This is of great help already. I think I'm on the right track now. I suspect that the admin profile I'm using may be what is screwed up, so I will create a new admin account from the other server in the domain; I forgot I even had that one at a different site! Thanks for your help so far and I will post an update.

    Kim
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Okay, let me know how things go.
     
  6. sfghadmin

    sfghadmin Private E-2

    Well I was able to clear all of the infections but I had to just reinstall Windows Server 2003 slipstreamed with SP2 in order to get the admin functionality back. Everything looks great now and I have reset the virus protection and malware protection to update automatically and scan regularly. It did though infect the rest of the network and they all had their virus scanners not being updated also.

    Breaks my heart to see the laziness of other admins. I had all this stuff self-regulating before he took over. Prevention is the best medicine.

    Thanks for your help.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Glad to hear you have it all working.

    Yes, prevention is the important first step, which is why we have the below link in the forum.

    How to Protect yourself from malware!
     
