Com+ EventSystem Hanging, will not go beyond "starting"


ed

This is a Windows 2000 server at an ISP; I use it as a dedicated web server.
Since being compromised by several Trojans, and cleaning the system, my Com+
EventSystem service is hanging (showing starting). Therefore the System
Event Notification Service is also not starting. RPC starts and runs.

I have checked the registry settings and noted that
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Parameters
Service DLL is set to nettapi, which is a non-existent file.

What should the file actually be? I maintain a second server at the same
ISP, and the file is es.dll, which has to do with xml (I do a lot of xml
transactions on that server) . . still even that does not sound correct.

Any thoughts?

Thanks
 
Actually I may be wrong about es.dll, as I just checked a Windows SBS 2003 I
have admin privileges on and it also shows es.dll. es = EventSystems? duh?
 
Fixed! . . .


ed said:
Actually I may be wrong about es.dll, as I just checked a Windows SBS 2003
I have admin privileges on and it also shows es.dll. es = EventSystems? duh?
 
Well it seems your issue was the Event Service Hanging. That is about all we had to go on. Since it is "fixed" would you mind explaining what you did? Thanks.
 
Seems the virus set the Event Service to a dll called nettapi.dll, which of
course was deleted by the virus scan, hence the hanging. After I looked at
two systems' registries that showed es.dll, it had to be it. Checked to see
that the file was in sys32, and then changed the registry!

As I pointed out earlier, the registry key is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Parameters


Well it seems your issue was the Event Service Hanging. That is about all
we had to go on. Since it is "fixed" would you mind explaining what you
did? Thanks.
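
The check described in this post, comparing the suspect server's ServiceDll values against a known-good machine, sketched as an added example that is not part of the original thread. It assumes each server's values were saved as text in the layout printed by `reg query ... /s /v ServiceDll`; the sample data is constructed, and `ExampleSvc` and `ExtraSvc` are hypothetical service names.

```python
import re

# Constructed sample data (not from the thread). Layout assumed to be that of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ServiceDll
# ExampleSvc and ExtraSvc are hypothetical service names.
KNOWN_GOOD = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\es.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\example.dll
"""
SUSPECT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Parameters
    ServiceDll    REG_EXPAND_SZ    nettapi.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters
    ServiceDll    REG_EXPAND_SZ    %systemroot%\System32\example.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExtraSvc\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\extra.dll
"""

KEY_RE = re.compile(r"\\Services\\([^\\]+)\\Parameters$", re.IGNORECASE)
VAL_RE = re.compile(r"^\s+ServiceDll\s+REG_(?:EXPAND_)?SZ\s+(.*\S)", re.IGNORECASE)

def parse_service_dlls(text):
    """Map lower-cased service name -> ServiceDll value as exported."""
    dlls, service = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            m = KEY_RE.search(line.rstrip())
            service = m.group(1).casefold() if m else None
        elif service and (m := VAL_RE.match(line)):
            dlls[service] = m.group(1)
    return dlls

def compare(known_good, suspect):
    """Return (service, status, suspect_value, known_good_value) leads to review."""
    good, bad = parse_service_dlls(known_good), parse_service_dlls(suspect)
    findings = []
    for svc in sorted(bad):
        if svc not in good:
            findings.append((svc, "not-in-baseline", bad[svc], None))
        elif bad[svc].casefold() != good[svc].casefold():  # paths are case-insensitive
            findings.append((svc, "changed", bad[svc], good[svc]))
    return findings

if __name__ == "__main__":
    for finding in compare(KNOWN_GOOD, SUSPECT):
        print(finding)
```

A mismatch is a lead to verify by hand, since two servers with different Windows versions or installed roles can legitimately differ.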
 
Yes sys32 under C:\WINNT is a common virus produced folder. You shouldn't have that. The first one that I know of
that did that was Benjamin. It is where it stored all its data.
 
Huh?
Yes sys32 under C:\WINNT is a common virus produced folder. You shouldn't
have that. The first one that I know of
that did that was Benjamin. It is where it stored all its data.
 