Paulduberry
asked on
Task Scheduler service stops and auto configures itself to disabled
Windows Server 2003 SP2. I have a batch file configured to shutdown all the PCs on the LAN every night at 10.30. Lately, I come in in the morning and they are all still running. When I interrogated the server, I find that the task scheduler service has stopped and is set to disabled. Obviously, I then set it back to started and automatic but every day at some stage it resets itself back to stopped and disabled. Weird what? I'm thinking virus but not sure really how to tackle this. I have Symantec Client Security running and it reports that the Conficker virus is active but every instance it encounters it, it manages to delete it successfuly. I have also scanned with the W32. downadup removal tool from Symantec but it doesn't find it. It's the same file that is identified every time (nowfeee.wi) in the system32 folder but I can never find the file. It's a bit of a phantom.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DavisMcCarn, I read the KB from MS and went through it all step-by-step. According to the KB, the Malicious Software Removal Tool is automatically downloaded from Windows Update. If that is the case, then there is nothing to do except hope that it finds and removes the bug. At least, that's my understanding of it. It clearly isn't doing it's job. I have followed the other steps in the article also including the manual removal procedure but it hasn't made any difference.
ASKER
jmlamb,
My post states that I have to manually start the task scheduler service every day despite the fact it is configured to start automatically. The other settings are configured also as mentioned in your post.
My post states that I have to manually start the task scheduler service every day despite the fact it is configured to start automatically. The other settings are configured also as mentioned in your post.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I attempted to download and run MRT manually but couldn't find any option to do so. Would you be able to send me a link please?
ASKER
Never mind. I found MRT.exe in the system32 folder as described. Thanks. It's dated 9-3-2011. I am currently scanning.
ASKER
Question, Is it advisable to run ComboFix on Windows Server 2003 considering this computer is central to our organization and has a lot of critical data that needs to be available 24-7?
That's one of many reasons I suggested using MBAM first. ComboFix will isolate the server machine, and the author does not "support" it running on a server. Most probably there will be no issue, but if, then it is severe. I don't know if I would take the risk.
ASKER
MRT didn't find any bugs. Running MBAM now.
When I asked for advice regarding your case, a much more versed Expert than me advised against using ComboFix on Servers and 64bit OS. Sorry I mentioned it, but I forgot you are talking about a Server when I did.
Let's hope MBAM finds something.
Let's hope MBAM finds something.
Or try this one, maybe? http://download.cnet.com/Conficker-Removal-Tool/3000-2239_4-10911447.html
ASKER
DavisMcCarn, Running that download at the moment. This is my last hope. I'll close the ticket tomorrow regardless of the outcome.
ASKER
Guys, I still have the problem. I will probably have to wipe the server to make this bugger disappear but thanks anyway to all who contributed.
To check the settings for the service:
1. Click Start, click Control Panel, and then double-click Administrative Tools.
2. Click Computer Management.
3. Expand Services and Applications, and then click Services.
4. Right-click the Task Scheduler service, and then click Properties.
5. On the General tab, make sure that the startup type is set to automatic, and that the service status is Started. If the service is not running, click Start.
6. On the Log On tab, make sure that the local system account is selected, and that the Allow service to interact with desktop check box has a check mark.
7. Click OK, and then quit Computer Management.
http://support.microsoft.com/kb/308558