geaves
asked on
Windows 2000 Server, Event Viewer won't let me view individual events.
Came to an off-site office with our company and found the domain controller down. It appeared to have virus issues.
After getting this server back up and running I've noticed that although there doesn't seem to be any viruses left, I can open Event Viewer, but any event I click on won't open. And when I try to close Event Viewer, it thinks an event window is open and tells me to close that first.
I've found this on another server in this office too.
Do you have any idea what may cause this?
Gary Eaves
ASKER
I just implemented McAfee Enterprise 7.0 after I got here.
It found the viruses. Norton, which was already installed, didn't show anything.
We had the IRC/Flood.i and NTROOTKIT-D.
Thanks,
Gary Eaves
I would go to the Symantec site, the TrendMicro site and the McAfee site and search their virus encyclopedias for these two and see if you can find any mention of damaged OS files. Symantec and TrendMicro usually have cleaner tools available for most viruses....that may cure this for you......but I think you are probably still going to have to run repairs on the OS.
Gary,
I've seen this on a 2000 Pro machine once. In my case I had services that were not starting and I could look at the services or Event Viewer to see what was causing the problem. (Same exact symptoms with the open window and all.)
What I ended up discovering was that if you have admin perms, you can use Event Viewer from another 2000 machine to look at the remote machine's event log.
In the left pane of the MMC, right-click on the Event Viewer (Local) and choose "Connect to another computer". Enter the server's name and connect.
Hopefully, the event logs will give you insight into what is going on. In my case someone had disabled the hardware profile to the RPC service (this is the svchost.exe process that runs half of Win 2K services). I re-enabled it and rebooted.
Hope this helps.
syntnx
ps - you can remote connect with regedit too. This can be a lot of fun (ie: changing the desktop wallpaper on a coworker).
"This can be a lot of fun (ie: changing the desktop wallpaper on a coworker)."
syntnx: Users like you are a Net Admin's fondest nightmare. :-)
lol
I am a net admin, evil aye?
syntnx
ASKER
RPC had, indeed, stopped.
I restarted it and the machine started working properly.
I'll be watching it to ensure it doesn't keep dying.
Thanks for your help.
syntnx,
figured as much......bad net admin, bad, bad, Sit! Stay!
........But damn good call on this question.........this is what I love about EE...in the midst of helping somebody else, I learn something new myself................geaves........ an "A" and all the points to syntnx!!
...whimper
ty, took me quite a few hours of troubleshooting to find it on my machine
Machine was running an Oracle DB with a lot of data being generated, and, uh um, somebody forgot to add it to the scheduled tape backups (well um, it's being backed up now).
Any hoo, after an hour on phone support with the software company, the third tier guy there thought it might have something to do with hardware profiles, which well you get the picture.
Glad I could help, Gary
syntnx
ASKER
Sorry, this may have been my first question and I didn't finalize.
CleanupPing,
syntnx hit the nail on the head with the answer to this one........I meant that he/she should get the points here........thanks
Knowing the virus may or may not help pin down which files could be corrupted.......but in any case the remedy is the same.
What are you running for AV at this site? Firewall in place?