Solved

Windows 2000 Server, Event Viewer won't let me view individual events.

Posted on 2003-11-06
14
390 Views
Last Modified: 2010-04-14
Came to an off-site office with our company and found the domain controller down.  It appeared to have virus issues.

After getting this server back up and running I've noticed that although there doesn't seem to be any viruses left, I can open Event Viewer, but any event I click on won't open.  And when I try to close Event Viewer, it thinks an event window is open and tells me to close that first.

I've found this on another server in this office too.

Do you have any idea what may cause this?

Gary Eaves
0
Comment
Question by:geaves
  • 6
  • 4
  • 3
14 Comments
 
LVL 18

Expert Comment

by:JConchie
ID: 9695490
What virus was on the machine?    Without more specifics, I would think the best way to fix this would be to run a repair from your server disk.........it is likely that the virus has left you with file corruption in the OS.

Knowing the virus may or may not help pin down which files could be corrupted.......by in any case the remedy is the same.

what are you running for AV at this site?  Firewall in place?
0
 

Author Comment

by:geaves
ID: 9695634
I just implemented Mcaffee Enterprise 7.0, after I got here.

It found the viruses.  Norton, which was already installed didn't show anything.

We had the IRC/Flood.i and NTROOTKIT-D.

Thanks,

Gary Eaves


0
 
LVL 18

Expert Comment

by:JConchie
ID: 9695684
I would go to the symantec site, the trendmicro site and the Mcaafee site and search their virus encyclopedias for these two and see if you can find any mention of damaged os files.  Symantec and TrendMicro usually have cleaner tools available for most viruses....that may cure this for you......but I think you are probably still going to have to run repairs on the OS.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 3

Expert Comment

by:syntnx
ID: 9697144
Gary,

Ive seen this on a 2000 pro machine once. In my case I has services that were not starting and I could look at the services or event viewer to see what was causing the problem. (same exact symptoms with the open window and all).

What I ended up discovering was that if you have admin perms, you can use event viewer form another 2000 machine to look at the remote machines event log.

In the left pane of the  mmc, right click on the event viewer (local) and choose "connect to another computer". enter the servers name in and connect.

Hopefully, the event logs will give you insight into what is going on. In my case someone had disabled the hardware profile to the RPC service (this is the svchost.exe process that runs half of Win 2K services). I re-enabled it and rebooted.

Hope this helps.

syntnx

ps - you can remote connect with regedit too. This can be a lot of fun (ie: changing the desktops wallpaper on a coworker).

0
 
LVL 18

Expert Comment

by:JConchie
ID: 9697219
"This can be a lot of fun (ie: changing the desktops wallpaper on a coworker)."

syntnx:  Users like you are a Net Admin's fondest nightmare.   :-)
0
 
LVL 3

Expert Comment

by:syntnx
ID: 9697249
lol

I am a net admin, evil aye?

syntnx
0
 

Author Comment

by:geaves
ID: 9697252
RPC had, indeed, stopped.

I restarted it and the machine started working properly.

I'll be watching it to insure it doesn't keep dying.

Thanks for your help.
0
 

Author Comment

by:geaves
ID: 9697253
RPC had, indeed, stopped.

I restarted it and the machine started working properly.

I'll be watching it to insure it doesn't keep dying.

Thanks for your help.
0
 
LVL 18

Expert Comment

by:JConchie
ID: 9697283
systnx,
figured as much......bad net admin, bad, bad, Sit! Stay!

........But damn good call on this question.........this is what I love about EE...in the midst of helping somebody else, I learn something new myself................geaves........an "A" and all the points to systnx!!
0
 
LVL 3

Expert Comment

by:syntnx
ID: 9697340
...wimper

ty, took me quite a few hours of troubleshooting to find it on my machine

Machine was running a oracle db with a lot of data being generated, and, uh um, somebody forgot to add it to the schduled tape backups (well um, its being backed up now).

Any hoo, after an hour on phone support with the software company, the third tier guy there thought it might have something to do with hardware profiles, which well you get the picture.

Glad i could help Gary

syntnx
0
 

Author Comment

by:geaves
ID: 10043498
Sorry, this may have been by first guestion and I didn't finalize.

0
 
LVL 18

Accepted Solution

by:
JConchie earned 250 total points
ID: 10044633
........But damn good call on this question.........this is what I love about EE...in the midst of helping somebody else, I learn something new myself................geaves........an "A" and all the points to systnx!!
0
 
LVL 18

Expert Comment

by:JConchie
ID: 10044686
CleanupPing,

systrix hit the nail on the head with the answer to this one........I meant that he/she should get the points here........thanks
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Troubleshooting common task sequence error codes
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now