Link to home
Start Free TrialLog in
Avatar of Wild_Cat
Wild_Cat

asked on

The system restarts after some time frequently

the system for windows 2000 server restarts frequently with automatic shutdown, microsoft states that there are shares mentioned in the registry key and that i have checked all shares are system shares the error is
The system process 'c:\winnt\system32\services.exe' terminated unexpectedly with status code 128. The system will now shutdown and restart.
Avatar of lokna
lokna
Flag of Norway image
If I understand you correctly, you have tested the solution at http://support.microsoft.com/kb/318447  , and it didn't work?
I have seen similar problems caused by some viruses, so I recommend a full scan of the system.
Avatar of Wild_Cat
Wild_Cat

ASKER

where to start antivirus gave me 4 files with virus namesd i have nod32 installed on my server
the virus names are as follows
BAT/TrojanDownloader.Agent  
IRC/SdBot trojan
    file name: dot3cfg.exe, smlogsvcc.exe
The server reboots after every 45 minutes and the microsoft solution reffers to a reg key that is totally empty and the server has following shares
C$
D$
E$
F$
G$
H$
Admin$
IPC$
Avatar of Wild_Cat
Wild_Cat

ASKER

If it is a virus than what should be the solution you recomend?
Avatar of Wild_Cat
Wild_Cat

ASKER

the server removed files like aaa.bat, run.vbs from the root of the system
Avatar of lokna
lokna
Flag of Norway image
The virus detected as IRC/SdBot trojan is a backdoor Trojan, so I would start with disconnecting the server from the network completely.
Symantec has removal instructions for this here: http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99&tabid=3  . Since this is an old Trojan it might have mutated and the instructions might not be valid anymore, but try.
To be completely sure that its gone, you should also scan the drives for viruses on another computer if possible, ergo insert the drives as secondary drives in a working, updated and isolated test computer and scan them. If system files have been infected, it might be impossible to remove the virus while the server is running. Another possible solution is to run the virus scan from a bootable cd/dvd.

If this doesnt  fix the problem let me know.

Avatar of Wild_Cat
Wild_Cat

ASKER

All the reffered system registry entries are not there only nod32kui.exe service running from Eset folder and algs.exe missing and its disabled which is applicatio layer gateway service i guess
Avatar of lokna
lokna
Flag of Norway image
Virus software like to disguise themselves as system processes, but if the scans came back clean it's probably OK. If it's still restarting, try running process explorer to find out which services are running. Services.exe is a generic process for launching services, and one instance can run multiple services hidden in the background.
Download process explorer from http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx , it will show which services are running behind services.exe. It is normal to have multiple services.exe instances running.
Avatar of Wild_Cat
Wild_Cat

ASKER

ok  my system crashed and i had to reinstall it because it was not loading the OS any more and crashing while booting can you just tell me how to protect system files and any tool that can monitor system files so that they can not be termpered i will accept your answer
ASKER CERTIFIED SOLUTION
Avatar of lokna
lokna
Flag of Norway image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial