jrs_50
asked on
Sharing violation on NTUSER.DAT (LoadProfile)
Sharing violation on NTUSER.DAT (LoadProfile) 11/07/2006 09:32:45.439 thread:2364 [d:\xpsprtm\admin\wmi\wbem
The above message (multiple instances) occured in my .Net Framework log this AM during the same time as some sort of 'wierd' "restore" action was occurring, somehow related to ASPNET. Overall; I believe this is possibly related to a hack I've been analyzing/attempting to block. It was too late to determine the thread source by the time I discovered the log entry.
Anyone able to tell me what I might glean from the message beyond the obvious? Any other logs etc I might peruse to tie things down more specifically?
I'm not a .Net expert. This message is new to me and I can't find any information about it. And what is the "d:\......" indicative of. It's not my CD ("D") drive (which currently isn't working due to another manifestation of the hack) but I've seen it in relation to some other messages that seem to be related to the problem I'm working on.
Please don't suggest scans etcetera. Been there done that. Essentially, since my own systems 'tools' etcetera are being used against me the scans aren't really finding anything. There's a backdoor (somewhere) on my system that I've been unable to locate.
Thanks. Note: My access to internet/mail is severely limited due to the problem but I WILL check back.
J
The above message (multiple instances) occured in my .Net Framework log this AM during the same time as some sort of 'wierd' "restore" action was occurring, somehow related to ASPNET. Overall; I believe this is possibly related to a hack I've been analyzing/attempting to block. It was too late to determine the thread source by the time I discovered the log entry.
Anyone able to tell me what I might glean from the message beyond the obvious? Any other logs etc I might peruse to tie things down more specifically?
I'm not a .Net expert. This message is new to me and I can't find any information about it. And what is the "d:\......" indicative of. It's not my CD ("D") drive (which currently isn't working due to another manifestation of the hack) but I've seen it in relation to some other messages that seem to be related to the problem I'm working on.
Please don't suggest scans etcetera. Been there done that. Essentially, since my own systems 'tools' etcetera are being used against me the scans aren't really finding anything. There's a backdoor (somewhere) on my system that I've been unable to locate.
Thanks. Note: My access to internet/mail is severely limited due to the problem but I WILL check back.
J
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It is not a matter of 'if' and I am well aware that a reinstall will be required. However, the previous reinstall did not resolve the issue. I have another day, or so, to attempt to narrow things down a bit and perhaps prevent reoccurrence before engaging in the lengthy process of rebuilding the system from scratch and associated other steps that apparently will need to be taken. The message posted appears to bear some relation to the overall 'problem'.
I'm still hoping that someone more familiar with the .Net framework can provide further info regarding how I might better 'interpret' the message with regard to determining a 'cause'. I have been unable to find any more specific information regarding the potential/likely cause of the 'error'. I am also limited regarding the ability to stay on the internet for any prolonged periods and hoping someone who has more time might be able to find what I can't. Anyone?
Thanks,
J
I'm still hoping that someone more familiar with the .Net framework can provide further info regarding how I might better 'interpret' the message with regard to determining a 'cause'. I have been unable to find any more specific information regarding the potential/likely cause of the 'error'. I am also limited regarding the ability to stay on the internet for any prolonged periods and hoping someone who has more time might be able to find what I can't. Anyone?
Thanks,
J
ASKER
I forgot I had this open.
ASKER
Does not, however, address this issue. I'd still like to find out WHAT created the sharing violation. It's a more distinct error than the previous sporadic occurances of "Impersonation failed". I'd like to tie it with the apparent access to virutally every system32 file that occurred at the same time.
Thanks for the info anyway. I like uphclean.
J