Amin,

This was a scan that went around campuses all over the country in
mid-late April. Unless the scan has happened again more recently, this
is probably when you first got infected with the backdoor virus, which
should be named RemoteNC.

The person(s) who did this scan scanned subnets of Windows computers
for weak administrator passwords, so you may want to change the admin
passwords on your PDCs. They also sometimes replaced the MSTask.exe
with the same backdoor, so you may want to check that one as well.

The problem with just deleting or replacing the W32Time.exe is that the
Windows Time service doesn't actually use that for its service; it's run
by services.exe. There is a w32tm.exe whose description says it's the
"Microsoft® Win32 Time Service", so I'm guessing that the services.exe
process calls the w32tm.exe. The w32time.exe process isn't needed at
all, and should be deleted. To get the Time service running again, you
should be able to just change this registry value:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\ImagePath=%SystemRoot%\System32\services.exe".
Then restart the service, and/or reboot the computer.

Once the time service is running again, you configure it with
"net.exe time".


Hope that helps.



Amin Elrashid wrote:

> I appreciate any help !
>
> W32Time?
> I have 2 PDCs in Active Directory; one of them got the backdoor virus, which
> affected the W32Time.exe. To clean the virus, Symantec suggested to delete
> the file, so I did,
> and I downloaded one from the net on the Winnt\system32. As I did that the
> server was so slow, the processor 100% most of the time - it was up for 10
> min - then I stopped the service "Windows Time" and the server is back and
> running, but most of my
> Windows 98 & XP & 2000 they can not synchronize the domain time, and
> sometimes you can
> browse the network, and most of the time you can't, and network resources are
> out too.
> I have the error message from the computers and the server!
> My question is: does anyone know how to configure the win time on 2000 server
> using
> W32Time?
>
> Amin Elrashid
> MIS Manager
> Food Science and Human Nutrition
> 120 G.M. Trout Building
> Michigan State University
> East Lansing, MI 48824-1224
> 517-355-8474 Ext 106
> Fax: 517-353-8963
> E-mail: [log in to unmask]
> www.msu.edu/unit/fshn/ttc
>


--
  Steve Foley  <[log in to unmask]>
  DECS PC Administration  <[log in to unmask]>
  Michigan State University
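
Added example, not part of the original messages: one way to check the W32Time `ImagePath` value named in the reply across several hosts is to export each host's `Services` key with regedit and audit the exports offline. The function names, the `EXPECTED` table and the sample export are assumptions constructed for illustration; the expected W32Time value is the one quoted in the reply.

```python
import re

# Expected ImagePath per service (lower-case name). The W32Time value is the one
# given in the reply; extend the table from a known-good host of the same build.
EXPECTED = {"w32time": r"%SystemRoot%\System32\services.exe"}
KEY_RE = re.compile(r"\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\\]]+)\]$", re.I)
VAL_RE = re.compile(r'"ImagePath"=hex\(2\):([0-9a-f,]*)$', re.I)

def parse_image_paths(reg_text):
    """Return {service: ImagePath} from a 'Version 5.00' .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)   # join '\'-continued hex lines
    paths, service = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)               # subkeys (Parameters, ...) are skipped
            service = m.group(1) if m else None
            continue
        m = VAL_RE.match(line)
        if m and service:
            raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
            paths[service] = raw.decode("utf-16-le").rstrip("\0")  # REG_EXPAND_SZ
    return paths

def audit(reg_text):
    """List (service, found, expected) where ImagePath deviates from EXPECTED."""
    findings = []
    for svc, found in parse_image_paths(reg_text).items():
        want = EXPECTED.get(svc.lower())
        if want is not None and found.lower() != want.lower():
            findings.append((svc, found, want))
    return findings

def reg_expand_sz(s, wrap=20):
    """Encode a string the way regedit writes REG_EXPAND_SZ (sample builder only)."""
    b = [f"{x:02x}" for x in (s + "\0").encode("utf-16-le")]
    return "hex(2):" + ",\\\n  ".join(",".join(b[i:i + wrap]) for i in range(0, len(b), wrap))

# Constructed sample export: W32Time points at w32time.exe instead of services.exe.
# A path check cannot see a binary replaced in place (the MSTask.exe case); hash those.
SAMPLE = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Schedule]\n"
    '"ImagePath"=' + reg_expand_sz(r"%SystemRoot%\System32\MSTask.exe") + "\n\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time]\n"
    '"ImagePath"=' + reg_expand_sz(r"%SystemRoot%\System32\w32time.exe") + "\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Real "Version 5.00" exports are UTF-16 files, so read them with `open(path, encoding="utf-16")` before passing the text to `audit`.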