Cannot access Admin Tools

  • Thread starter Lanwench [MVP - Exchange]
  • Start date
L

Lanwench [MVP - Exchange]

TFTP ....that sounds a lot like the result of a RPC buffer overflow exploit.
Did you patch all your servers and workstations with MS03-026? Got a good
firewall? Got good antivirus software on all boxes?

If not, do so ASAP....

Install:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
As soon as you can!. You are running the 32-bit edition; you'd know if you
weren't, trust me.

For the removal tool for the worm, see
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Get a firewall! You NEED one. For a network get a good firewall appliance
(not just a NAT device) and place it between Internet router and LAN.

Then go to WindowsUpdate to pick up the latest updates:
http://windowsupdate.microsoft.com. (You should do this about once a month
anyway, at least)

More info about the worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
and http://support.microsoft.com/?scid=kb;en-us;823980
 
C

Chris Zaugg

Here's a wierd one that's driving me nuts. A few days ago, I was suddenly
unable to access any admin stuff...event viewer, services...anything! I am
logged in as administrator, have all the privileges, and it continues to
give me the "Access to the specified path, device or file is denied"
message. I am running Win2000 and Exchange Server on this box, and I have
SP3 installed. (Actually tried to install SP4, and it couldn't because it
said tftp.exe is in use.) Can anyone help?
 
L

Lanwench [MVP - Exchange]

Someone else posted this - kinda geared towards workstation users, but it
may help.

If some systems continue to receive TFTP errors, the following may work:

Boot to safemode and run MSCONFIG (for WinXP; if you're on W2k you can get
http://www.mlin.net/StartupCPL.shtml so you can access it) and uncheck:

SVCHOST
TFTP2228
TFTP1440
TFTP3756

Do not reboot..

Run Regedit and search for & delete the following registry keys:

TFTP2228
TFTP1440
TFTP3756

File, Exit.

Go to your start, programs, startup group and if you see the following,
delete them:

SVCHOST
TFTP2228
TFTP1440
TFTP3756

REBOOT

http://www.mlin.net/StartupCPL.shtml is an msconfig-like utility you can
download for use in Windows 2000.

Chris said:
Wow...thanks for the quick response! I have applied the patch and
checked the machine for the virus (I actually did this yesterday),
but have still had no luck in accessing any of the tools. Is there
something in the registry I can change that would give me access? I
can't even check the event viewer to see the problem (or the services
to see if something isn't starting up). The Exchange side works
perfectly...

CZ
"Lanwench [MVP - Exchange]"
TFTP ....that sounds a lot like the result of a RPC buffer overflow
exploit. Did you patch all your servers and workstations with
MS03-026? Got a good firewall? Got good antivirus software on all
boxes?

If not, do so ASAP....

Install:
Click to expand...
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-026.asp
As soon as you can!. You are running the 32-bit edition; you'd know
if you weren't, trust me.

For the removal tool for the worm, see
Click to expand...
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.rem
oval.tool.html

Get a firewall! You NEED one. For a network get a good firewall
appliance (not just a NAT device) and place it between Internet
router and LAN.

Then go to WindowsUpdate to pick up the latest updates:
http://windowsupdate.microsoft.com. (You should do this about once a
month anyway, at least)

More info about the worm:
Click to expand...
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.htm
l
and http://support.microsoft.com/?scid=kb;en-us;823980
Click to expand...
Click to expand...
 
C

Chris Zaugg

Tried this, still to no avail. When I try to install SP4 I still get the
"tftp.exe is in use" message, and I still cannot get to any of the admin
tools. Any other ideas? I sure appreciate your help!

CZ

"Lanwench [MVP - Exchange]"
Someone else posted this - kinda geared towards workstation users, but it
may help.

If some systems continue to receive TFTP errors, the following may work:

Boot to safemode and run MSCONFIG (for WinXP; if you're on W2k you can get
http://www.mlin.net/StartupCPL.shtml so you can access it) and uncheck:

SVCHOST
TFTP2228
TFTP1440
TFTP3756

Do not reboot..

Run Regedit and search for & delete the following registry keys:

TFTP2228
TFTP1440
TFTP3756

File, Exit.

Go to your start, programs, startup group and if you see the following,
delete them:

SVCHOST
TFTP2228
TFTP1440
TFTP3756

REBOOT

http://www.mlin.net/StartupCPL.shtml is an msconfig-like utility you can
download for use in Windows 2000.

Chris said:
Wow...thanks for the quick response! I have applied the patch and
checked the machine for the virus (I actually did this yesterday),
but have still had no luck in accessing any of the tools. Is there
something in the registry I can change that would give me access? I
can't even check the event viewer to see the problem (or the services
to see if something isn't starting up). The Exchange side works
perfectly...

CZ
"Lanwench [MVP - Exchange]"
TFTP ....that sounds a lot like the result of a RPC buffer overflow
exploit. Did you patch all your servers and workstations with
MS03-026? Got a good firewall? Got good antivirus software on all
boxes?

If not, do so ASAP....

Install:
Click to expand...
Click to expand...
http://www.microsoft.com/technet/tr...c.com/avcenter/venc/data/w32.blaster.worm.htm
Click to expand...
 
C

Chris Zaugg

I think I have a little more information, though still no solution. I CAN
manage the server remotely, but cannot access the tools from the actual
machine. Does that help narrow down the potential problems?

CZ


Chris Zaugg said:
Tried this, still to no avail. When I try to install SP4 I still get the
"tftp.exe is in use" message, and I still cannot get to any of the admin
tools. Any other ideas? I sure appreciate your help!

CZ

"Lanwench [MVP - Exchange]"
Someone else posted this - kinda geared towards workstation users, but it
may help.

If some systems continue to receive TFTP errors, the following may work:

Boot to safemode and run MSCONFIG (for WinXP; if you're on W2k you can get
http://www.mlin.net/StartupCPL.shtml so you can access it) and uncheck:

SVCHOST
TFTP2228
TFTP1440
TFTP3756

Do not reboot..

Run Regedit and search for & delete the following registry keys:

TFTP2228
TFTP1440
TFTP3756

File, Exit.

Go to your start, programs, startup group and if you see the following,
delete them:

SVCHOST
TFTP2228
TFTP1440
TFTP3756

REBOOT

http://www.mlin.net/StartupCPL.shtml is an msconfig-like utility you can
download for use in Windows 2000.

Chris said:
Wow...thanks for the quick response! I have applied the patch and
checked the machine for the virus (I actually did this yesterday),
but have still had no luck in accessing any of the tools. Is there
something in the registry I can change that would give me access? I
can't even check the event viewer to see the problem (or the services
to see if something isn't starting up). The Exchange side works
perfectly...

CZ
"Lanwench [MVP - Exchange]"
message TFTP ....that sounds a lot like the result of a RPC buffer overflow
exploit. Did you patch all your servers and workstations with
MS03-026? Got a good firewall? Got good antivirus software on all
boxes?

If not, do so ASAP....

Install:
Click to expand...
Click to expand...
http://www.microsoft.com/technet/tr...c.com/avcenter/venc/data/w32.blaster.worm.htm
Click to expand...
 
B

Boris Nikolaevich

Are you running an FTP server? I spent several hours with the same
problem until the "DUH!" moment hit. I stopped the FTP service, and
then I was able to continue.

Also, I found that there were several files (including tftp.exe,
ftp.exe, netstat.exe, and a couple of others) that I had to change
permissions on during the install because they gave this same error.
Even though I was logged in as administrator, these files had Deny
permissions for the Everyone group. As soon as I changed the
permissions, SP4 was able to proceed.

Hope my trial-and-error helps get you moving the right direction!

Chris Zaugg said:
Tried this, still to no avail. When I try to install SP4 I still get the
"tftp.exe is in use" message, and I still cannot get to any of the admin
tools. Any other ideas? I sure appreciate your help!

CZ

"Lanwench [MVP - Exchange]"
Someone else posted this - kinda geared towards workstation users, but it
may help.

If some systems continue to receive TFTP errors, the following may work:

Boot to safemode and run MSCONFIG (for WinXP; if you're on W2k you can get
http://www.mlin.net/StartupCPL.shtml so you can access it) and uncheck:

SVCHOST
TFTP2228
TFTP1440
TFTP3756

Do not reboot..

Run Regedit and search for & delete the following registry keys:

TFTP2228
TFTP1440
TFTP3756

File, Exit.

Go to your start, programs, startup group and if you see the following,
delete them:

SVCHOST
TFTP2228
TFTP1440
TFTP3756

REBOOT

http://www.mlin.net/StartupCPL.shtml is an msconfig-like utility you can
download for use in Windows 2000.

Chris said:
Wow...thanks for the quick response! I have applied the patch and
checked the machine for the virus (I actually did this yesterday),
but have still had no luck in accessing any of the tools. Is there
something in the registry I can change that would give me access? I
can't even check the event viewer to see the problem (or the services
to see if something isn't starting up). The Exchange side works
perfectly...

CZ
"Lanwench [MVP - Exchange]"
message TFTP ....that sounds a lot like the result of a RPC buffer overflow
exploit. Did you patch all your servers and workstations with
MS03-026? Got a good firewall? Got good antivirus software on all
boxes?

If not, do so ASAP....

Install:
Click to expand...
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-026.asp
As soon as you can!. You are running the 32-bit edition; you'd know
if you weren't, trust me.

For the removal tool for the worm, see
Click to expand...
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.rem
oval.tool.html

Get a firewall! You NEED one. For a network get a good firewall
appliance (not just a NAT device) and place it between Internet
router and LAN.

Then go to WindowsUpdate to pick up the latest updates:
http://windowsupdate.microsoft.com. (You should do this about once a
month anyway, at least)

More info about the worm:
Click to expand...
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.htm
l
and http://support.microsoft.com/?scid=kb;en-us;823980





Chris Zaugg wrote:
Here's a wierd one that's driving me nuts. A few days ago, I was
suddenly unable to access any admin stuff...event viewer,
services...anything! I am logged in as administrator, have all the
privileges, and it continues to give me the "Access to the specified
path, device or file is denied" message. I am running Win2000 and
Exchange Server on this box, and I have SP3 installed. (Actually
tried to install SP4, and it couldn't because it said tftp.exe is in
use.) Can anyone help?
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

svchost.exe - error, help!? 5
__READ THIS NOW if your computer has been shutting down 2
RPC S O L U T I O N 2
I (still) Have a Worm! Please Help! W32.Randex.E aka RPCSDBOT.A 12
MS emails 3
Unexpected shutdown when on the net 3
New virus 2
svchost.exe - errors, need help 2

Top