Advertisement

05.29.2007 at 02:29AM PDT, ID: 22599119
[x]
Attachment Details

System Event Notification service does not start on SBS 2003 after rootkits and backdoors got in.

Asked by jon_m_obrien in Miscellaneous Security, Anti-Virus Applications, SBS Small Business Server

Tags: event, notification, service, system

I have a Windows SBS 2003.

The System Event Notification service does not start.

I am getting every 30 seconds the following Event Viewer Error:
Source: Service Control Manager
Event ID: 7023
Description:
The System Event Notification service terminated with the following error: The specified module could not be found.

For more information, see Help and Support Center at:
And clicking on the go link shows the following information will be sent:
Event ID: 7023
File Name: netevent.dll
File Version: 5.2.3790.0
etc.

I have tried copying the netevent.dll file from another SBS2003 server, same problem.
I've also tried sending the information to help and support but my Help and Support service is not running (and I cannot actually see it in the services list to start it).

I'm also having issues getting Veritas Backup Exec to run properly.

This server had a Virus / Trojan / Worm / Backdoor / Rootkit issue. It also had the SAM hosed.
Using recovery console I reloaded the SAM from repair.
We have had Symantec AntiVirus Cororate Edition v10.0 running. I've updated it to 10.1 now.
I've loaded and run many times AVG AntiSpyware and AVG AntiRootKit, removing things.
I've also seen .exe a and .vbe files appearing that I know are bad that nothing is picking up.
I've disabled services that appeared with no description that are obviously bad.
I've deleted user accounts that have appeared (such as net, asp.net, iisservice, tsinternet) which took Administrator group rights, and actually saw these new users log in via terminal services, goto the registry, and try to give SAM full access to all users, and install downloadhelper.exe and download Casino games right onto my server.

So figure the SENS error is as a result of that, but don't know why replacing the netevent.dll file doesn't help. Seems like it is calling upon another file, but I do not know what.

I jsut upgraded Windows 2003 Server SP1 to SP2. It did not fix the issue.

I turned back on the Windows Updates (guess the hackers turned it off) so hoping the SP2 and new updates will keep them out moving forwards.

Can someone please help?
Ta,
Jono.Start Free Trial
[+][-]05.29.2007 at 04:57AM PDT, ID: 19171572

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.24.2007 at 03:03AM PDT, ID: 19350450

Experts Exchange has a courteous staff of administrators who help members get the most out of the website by means of administrative comments like this one.

Start your 7-day free trial to view this Administrative Comment or ask the Experts your question.

 
[+][-]06.24.2007 at 03:07AM PDT, ID: 19350461

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.24.2007 at 04:27AM PDT, ID: 19350664

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.24.2007 at 08:35AM PDT, ID: 19351402

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.24.2007 at 09:10AM PDT, ID: 19351498

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Miscellaneous Security, Anti-Virus Applications, SBS Small Business Server
Tags: event, notification, service, system
Sign Up Now!
Solution Provided By: TechSoEasy
Participating Experts: 1
Solution Grade: B
 
 
 
Loading Advertisement...
20080716-EE-VQP-32