• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1079
  • Last Modified:

The system restarts after some time frequently

the system for windows 2000 server restarts frequently with automatic shutdown, microsoft states that there are shares mentioned in the registry key and that i have checked all shares are system shares the error is
The system process 'c:\winnt\system32\services.exe' terminated unexpectedly with status code 128. The system will now shutdown and restart.
0
Wild_Cat
Asked:
Wild_Cat
  • 5
  • 4
1 Solution
 
loknaCommented:
If I understand you correctly, you have tested the solution at http://support.microsoft.com/kb/318447  , and it didn't work?
I have seen similar problems caused by some viruses, so I recommend a full scan of the system.
0
 
Wild_CatAuthor Commented:
where to start antivirus gave me 4 files with virus namesd i have nod32 installed on my server
the virus names are as follows
BAT/TrojanDownloader.Agent  
IRC/SdBot trojan
    file name: dot3cfg.exe, smlogsvcc.exe
The server reboots after every 45 minutes and the microsoft solution reffers to a reg key that is totally empty and the server has following shares
C$
D$
E$
F$
G$
H$
Admin$
IPC$
0
 
Wild_CatAuthor Commented:
If it is a virus than what should be the solution you recomend?
0
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

 
Wild_CatAuthor Commented:
the server removed files like aaa.bat, run.vbs from the root of the system
0
 
loknaCommented:
The virus detected as IRC/SdBot trojan is a backdoor Trojan, so I would start with disconnecting the server from the network completely.
Symantec has removal instructions for this here: http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99&tabid=3  . Since this is an old Trojan it might have mutated and the instructions might not be valid anymore, but try.
To be completely sure that its gone, you should also scan the drives for viruses on another computer if possible, ergo insert the drives as secondary drives in a working, updated and isolated test computer and scan them. If system files have been infected, it might be impossible to remove the virus while the server is running. Another possible solution is to run the virus scan from a bootable cd/dvd.

If this doesnt  fix the problem let me know.

0
 
Wild_CatAuthor Commented:
All the reffered system registry entries are not there only nod32kui.exe service running from Eset folder and algs.exe missing and its disabled which is applicatio layer gateway service i guess
0
 
loknaCommented:
Virus software like to disguise themselves as system processes, but if the scans came back clean it's probably OK. If it's still restarting, try running process explorer to find out which services are running. Services.exe is a generic process for launching services, and one instance can run multiple services hidden in the background.
Download process explorer from http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx , it will show which services are running behind services.exe. It is normal to have multiple services.exe instances running.
0
 
Wild_CatAuthor Commented:
ok  my system crashed and i had to reinstall it because it was not loading the OS any more and crashing while booting can you just tell me how to protect system files and any tool that can monitor system files so that they can not be termpered i will accept your answer
0
 
loknaCommented:

To protect yourself from situations like this, the most important thing is to have a registry/system state backup. You can use the built in ntbackup tool to achieve this. You can either run a manual backup each time you change system settings, or preferably, schedule a daily or weekly backup to an external drive and keep copies for at least 6 months. See http://support.microsoft.com/kb/326216/  for more info.
 
Nod32s resident file scanner should protect you from most viruses and Trojans if you let it run all the time and schedule weekly complete scans. You should check that its running properly and receiving updates at least once a week.
 
To check and monitor the state of system files, use Windows File Protection. You can schedule it to check all files at each reboot, or schedule weekly scans with task manager. It also provides some resident protection against changes. See http://support.microsoft.com/kb/222193  for more info on how to configure it.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now