I have a game and IIS 4.0 server running Windows NT 4.0 sp6 sitting at my (local) ISP. The ISP owner is kind of a friend and lets me keep it there for free so I don’t like to bother him with problems any more than I have to, but I’m a novice/hobbyist admin at best.

When I access my server through pc-anywhere (v9) it doesn’t recognize a ctrl-alt-del.
(ctrl-alt-d actually via pc-anywhere or the button on the toolbar)

This just started because...

I found the server was infected with the Win32.NTHack.dll or Gina Trojan, part of a hacking tool known as BackGate kit - discribed on this page. http://www.cai.com/virusinfo/encyclopedia/descriptions/b/backgatekit.htm

Sooooo, following the advice on the page:


To remove files installed by BackGate kit, search and remove the following registry keys:

HKLM\System\CurrentControlSet\Services\MMtask
HKLM\System\CurrentControlSet\Services\OS2srv
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

Reboot the infected server...


I did that and now - I can get to the server and see NT’s ctrl-alt-del login dialog box through pc-anywhere but the server won’t recognize a remote ctrl-alt-del to actually login to NT after a reboot. If someone at my ISP (they’re sitting at the server) logs-in for me, I can then get to the server and see my desktop, but if I reboot (install a patch or whatever) I once again can’t login to NT remotely.

Any thoughts?

Thanks for reading and for any suggestions too.

I'm not positive about this, but doesn't the PC Anywhere client have to be configured to pass through ctrl-alt-del in NT?

Well I’ve been accessing my server via pc anywhere for about a year now (countless ctrl-alt-del’s) and I didn’t change any pc anywhere settings - just tried to rid my server of the hack as I described above.

That’s not to say a setting couldn’t of got changed, I just don’t know how it would have.

Thanks, I’ll look into it though.

Nope - that wasn’t it...