Solved

Windows 2000 Server, Event Viewer won't let me view individual events.

Posted on 2003-11-06
14
394 Views
Last Modified: 2010-04-14
Came to an off-site office with our company and found the domain controller down.  It appeared to have virus issues.

After getting this server back up and running I've noticed that although there doesn't seem to be any viruses left, I can open Event Viewer, but any event I click on won't open.  And when I try to close Event Viewer, it thinks an event window is open and tells me to close that first.

I've found this on another server in this office too.

Do you have any idea what may cause this?

Gary Eaves
0
Comment
Question by:geaves
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 3
14 Comments
 
LVL 18

Expert Comment

by:JConchie
ID: 9695490
What virus was on the machine?    Without more specifics, I would think the best way to fix this would be to run a repair from your server disk.........it is likely that the virus has left you with file corruption in the OS.

Knowing the virus may or may not help pin down which files could be corrupted.......by in any case the remedy is the same.

what are you running for AV at this site?  Firewall in place?
0
 

Author Comment

by:geaves
ID: 9695634
I just implemented Mcaffee Enterprise 7.0, after I got here.

It found the viruses.  Norton, which was already installed didn't show anything.

We had the IRC/Flood.i and NTROOTKIT-D.

Thanks,

Gary Eaves


0
 
LVL 18

Expert Comment

by:JConchie
ID: 9695684
I would go to the symantec site, the trendmicro site and the Mcaafee site and search their virus encyclopedias for these two and see if you can find any mention of damaged os files.  Symantec and TrendMicro usually have cleaner tools available for most viruses....that may cure this for you......but I think you are probably still going to have to run repairs on the OS.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 3

Expert Comment

by:syntnx
ID: 9697144
Gary,

Ive seen this on a 2000 pro machine once. In my case I has services that were not starting and I could look at the services or event viewer to see what was causing the problem. (same exact symptoms with the open window and all).

What I ended up discovering was that if you have admin perms, you can use event viewer form another 2000 machine to look at the remote machines event log.

In the left pane of the  mmc, right click on the event viewer (local) and choose "connect to another computer". enter the servers name in and connect.

Hopefully, the event logs will give you insight into what is going on. In my case someone had disabled the hardware profile to the RPC service (this is the svchost.exe process that runs half of Win 2K services). I re-enabled it and rebooted.

Hope this helps.

syntnx

ps - you can remote connect with regedit too. This can be a lot of fun (ie: changing the desktops wallpaper on a coworker).

0
 
LVL 18

Expert Comment

by:JConchie
ID: 9697219
"This can be a lot of fun (ie: changing the desktops wallpaper on a coworker)."

syntnx:  Users like you are a Net Admin's fondest nightmare.   :-)
0
 
LVL 3

Expert Comment

by:syntnx
ID: 9697249
lol

I am a net admin, evil aye?

syntnx
0
 

Author Comment

by:geaves
ID: 9697252
RPC had, indeed, stopped.

I restarted it and the machine started working properly.

I'll be watching it to insure it doesn't keep dying.

Thanks for your help.
0
 

Author Comment

by:geaves
ID: 9697253
RPC had, indeed, stopped.

I restarted it and the machine started working properly.

I'll be watching it to insure it doesn't keep dying.

Thanks for your help.
0
 
LVL 18

Expert Comment

by:JConchie
ID: 9697283
systnx,
figured as much......bad net admin, bad, bad, Sit! Stay!

........But damn good call on this question.........this is what I love about EE...in the midst of helping somebody else, I learn something new myself................geaves........an "A" and all the points to systnx!!
0
 
LVL 3

Expert Comment

by:syntnx
ID: 9697340
...wimper

ty, took me quite a few hours of troubleshooting to find it on my machine

Machine was running a oracle db with a lot of data being generated, and, uh um, somebody forgot to add it to the schduled tape backups (well um, its being backed up now).

Any hoo, after an hour on phone support with the software company, the third tier guy there thought it might have something to do with hardware profiles, which well you get the picture.

Glad i could help Gary

syntnx
0
 

Author Comment

by:geaves
ID: 10043498
Sorry, this may have been by first guestion and I didn't finalize.

0
 
LVL 18

Accepted Solution

by:
JConchie earned 250 total points
ID: 10044633
........But damn good call on this question.........this is what I love about EE...in the midst of helping somebody else, I learn something new myself................geaves........an "A" and all the points to systnx!!
0
 
LVL 18

Expert Comment

by:JConchie
ID: 10044686
CleanupPing,

systrix hit the nail on the head with the answer to this one........I meant that he/she should get the points here........thanks
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A look at what happened in the Verizon cloud breach.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question