I have a workstation that runs w2k pro joined to the domain, which it received a worm over the last weekend. I took it out of production to try to recover. The av was disabled for no apparent reason. I was able to install a new av and I can only scan it under safe mode. If i try to login to the local admin, i get no desktop just the background color. Is there a way to fix that?
If you have a machine that have been infected, I would reinstall it, there is really no way for you to be sure that you get the virus removed.
Let me give you an example, and this is about 2½ years ago. Helped a friend with an infected PC, AV was disabled, got it uninstalled, installed another program, it found 5 vira, and removed them.. everything was good I thought... So I thought I would reinstall the old AV again, since they had payed for it.. It installled fine, and found the same 5 vira.. I tried with 4 different AV programs, they all found the vira one time, after that they were not detected again.
Microsoft Powershell MVP
SIG> George Bernard Shaw : The power of accurate observation is commonly called cynicism by those who have not got it. </SIG>