We have had 2 of our servers (windows 2000 server SP2) affected with the
Backdoor.RemoteNC virus via the winnt\system32\W32Time.exe file. NAV CE7.5
can't clean it since the process is running. I was going to delete the
file, but in looking at Microsoft articles, it sounds like it is needed for
the W32Time Time service (at least that's the way it sounds).
1) How do I determine whether the file is actually needed or if we had the
Time Service running before this virus affected our server?
2) If I do need to delete the file and determine that I really do need it,
how do I get a "clean" copy of it. It isn't found on any of our servers
that aren't infected (2/3 are infected).