Solved

Windows 2000 Server, Event Viewer won't let me view individual events.

Posted on 2003-11-06
Last Modified: 2010-04-14
Came to an off-site office with our company and found the domain controller down.  It appeared to have virus issues.

After getting this server back up and running I've noticed that although there doesn't seem to be any viruses left, I can open Event Viewer, but any event I click on won't open.  And when I try to close Event Viewer, it thinks an event window is open and tells me to close that first.

I've found this on another server in this office too.

Do you have any idea what may cause this?

Gary Eaves
Question by:geaves
14 Comments
 
LVL 18

Expert Comment

by:JConchie
ID: 9695490
What virus was on the machine?    Without more specifics, I would think the best way to fix this would be to run a repair from your server disk.........it is likely that the virus has left you with file corruption in the OS.

Knowing the virus may or may not help pin down which files could be corrupted.......but in any case the remedy is the same.

What are you running for AV at this site?  Firewall in place?
 

Author Comment

by:geaves
ID: 9695634
I just implemented McAfee Enterprise 7.0, after I got here.

It found the viruses.  Norton, which was already installed, didn't show anything.

We had the IRC/Flood.i and NTROOTKIT-D.

Thanks,

Gary Eaves


 
LVL 18

Expert Comment

by:JConchie
ID: 9695684
I would go to the Symantec site, the Trend Micro site and the McAfee site and search their virus encyclopedias for these two and see if you can find any mention of damaged OS files.  Symantec and Trend Micro usually have cleaner tools available for most viruses....that may cure this for you......but I think you are probably still going to have to run repairs on the OS.
 
LVL 3

Expert Comment

by:syntnx
ID: 9697144
Gary,

I've seen this on a 2000 Pro machine once. In my case I had services that were not starting and I could look at the services or Event Viewer to see what was causing the problem. (Same exact symptoms with the open window and all.)

What I ended up discovering was that if you have admin perms, you can use Event Viewer from another 2000 machine to look at the remote machine's event log.

In the left pane of the MMC, right-click on the Event Viewer (Local) and choose "Connect to another computer". Enter the server's name and connect.

Hopefully, the event logs will give you insight into what is going on. In my case someone had disabled the hardware profile to the RPC service (this is the svchost.exe process that runs half of Win 2K services). I re-enabled it and rebooted.

Hope this helps.

syntnx

ps - you can remote connect with regedit too. This can be a lot of fun (ie: changing the desktops wallpaper on a coworker).

 
LVL 18

Expert Comment

by:JConchie
ID: 9697219
"This can be a lot of fun (ie: changing the desktops wallpaper on a coworker)."

syntnx:  Users like you are a Net Admin's fondest nightmare.   :-)
 
LVL 3

Expert Comment

by:syntnx
ID: 9697249
lol

I am a net admin, evil aye?

syntnx

Author Comment

by:geaves
ID: 9697252
RPC had, indeed, stopped.

I restarted it and the machine started working properly.

I'll be watching it to ensure it doesn't keep dying.

Thanks for your help.
 

LVL 18

Expert Comment

by:JConchie
ID: 9697283
syntnx,
figured as much......bad net admin, bad, bad, Sit! Stay!

........But damn good call on this question.........this is what I love about EE...in the midst of helping somebody else, I learn something new myself................geaves........an "A" and all the points to syntnx!!
 
LVL 3

Expert Comment

by:syntnx
ID: 9697340
...whimper

ty, took me quite a few hours of troubleshooting to find it on my machine

Machine was running an Oracle DB with a lot of data being generated, and, uh um, somebody forgot to add it to the scheduled tape backups (well um, it's being backed up now).

Any hoo, after an hour on phone support with the software company, the third tier guy there thought it might have something to do with hardware profiles, which well you get the picture.

Glad I could help, Gary

syntnx
 

Author Comment

by:geaves
ID: 10043498
Sorry, this may have been my first question and I didn't finalize.

 
LVL 18

Accepted Solution

by:
JConchie earned 250 total points
ID: 10044633
........But damn good call on this question.........this is what I love about EE...in the midst of helping somebody else, I learn something new myself................geaves........an "A" and all the points to syntnx!!
 
LVL 18

Expert Comment

by:JConchie
ID: 10044686
CleanupPing,

syntnx hit the nail on the head with the answer to this one........I meant that he/she should get the points here........thanks