CAUSE This behavior can occur if you downloaded the Backdoor.NTHack virus from a remote host into your computer. This virus is initiated by the Dl.bat file in the InetPub\Scripts folder.
As a result, both the Firedaemon.exe and Sud.exe files are installed on the computer as well as the Os2srv.exe and Mmtask.exe files, which along with the Sud.exe and Index.exe files are run as services.
To resolve this behavior, you must perform a parallel install of Windows NT 4.0 or Windows 2000 and/or make the following changes by using the Windows 2000 Recovery Console.
The Newgina.dll file is specified under the following registry key when you access the original software hive from a parallel install: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Value = GinaDLL REG_SZ
Gina.dll = Newgina.dll Original Gina.dll = Msgina.dll (or Awgina.dll) From the parallel install or in the Recovery Console, rename the Newgina.dll file to "Newgina.old". Rename the original Gina file, for example, the Msgina.dll file to "Newgina.dll". This renaming enables the original Gina file to be loaded under the name "Newgina.dll" which is specified in the registry. If you cannot locate the Newgina.dll file in Windows Explorer, you can delete or replace the newgina.dll value in GinaDLL (REG_SZ) with msgina.dll (or awgina.dll) under the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
This change enables the original Gina.dll file to be loaded from the cache.
You must also disable and delete the services that are associated with the virus as well as the files that are installed in the C:\Winnt\System32\Os2\New folder.
The Dl.bat file in the InetPub\Scripts folder must also be deleted. MORE INFORMATION
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
How do I fix