Previous Thread:   What is the purpose of NTuser.dat file?

9/2/2005 8:40:27 AM    Perfmon
Ok here is our situation.  
  
A windows 2003 server was infected by a virus, the virus created instances  
  
of perfHmon, (not perfmon) and added registry settings for it to be launched  
  
as a service.  
  
One of our junior technicians thought it a great idea to remove these  
  
entries from the registry.. but in doind so he also removed all entries  
  
regarding "perfmon", which is the performance monitor in windows.  
  
Does anyone know what entries need to be made in the registry in oreder for  
  
this legit service to run?  
  
And can one replace the perfmon.exe file from another windows 2003 server  
  
installation, without huge detriment to the server.  
  
I am also afraid to restart the system incase it wont boot properly back  
  
into windows... or will this solve the problem, by recreating the instances  
  
of perfmon?  
  
No backups are avaliable for use in restoring the registry.  
  
Help in this regard would be unbelievable appreciated.



9/2/2005 1:20:08 PM    Re: Perfmon
In microsoft.public.win2000.registry =?Utf-8?B?UmljaA==?= wrote:  
  
That would be *former* junior technician now?  
  
I suspect much more than that will be required.  
  
Ouch!  I'm sure that situation will be rectified in the future.  
  
I do not have a definitive recomendation.  Possibly doing a "repair  
  
install" would be a solution, but I cannot guaranty that method  
  
will work.  
  
There are several other regular posters I expect will have some  
  
feedback on this topic if you can wait a bit.