Isn't there a GPO that would turn on remote access for Domain Admins?  If it
is part of a domain and you have access to the Domain Controller then just
have it restarted once or twice and you should be good to go.

Jon

On Thu, May 13, 2010 at 6:26 PM, Peter van Houten <peter...@gmail.com> wrote:

> I have an XP Pro [fully patched :-) ] box on a network that has been
> infected (probably Virut). It is the classic login...loading your
> personal settings...logging off scenario.
>
> Recovering the data and fixing the malware problem is easy. The real
> problem is that the box is 300 miles away, so I am trying to avoid
> flying there tomorrow, just before the weekend.
>
> What can't be done / makes no difference:
> -----------------------------------------------------------
> 1) Log in locally (admin credentials make no difference)
> 2) Log in remotely using RDP or VNC, directly via VPN or via another box
> on the remote network (goes through the motions as above).
> 2) Start in any form of safe mode.
> 3) Restore to earlier date, last known good config.
> 4) Map drives to *any* shares from another box
> 5) Use any clever login scripts on the server
> 6) Use psexec to run anything remotely.
> 7) Instruct the user to step through anything technical :-(
>
> What can be done:
> --------------------------
> 1) Ping the box
> 2) NetBIOS is enabled, so it shows in network
> 3) Scan the IP and show ports 139 and 445 open
> 4) Open and close a null RPC connection (enum, etc not helping)
>
> My hope is that one of you boffins has a script that will, via RPC turn
> on the telnet server, open port 23 and let me copy a document from the
> desktop [aarrgh] to USB. Or something equally as clever...
>
> TIA but please no advice on malware,
>
> --
> Peter van Houten
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
