Hi all,
I noticed strange erroneous behaviour of one of our domain controllers:
Windows 2000 Server PL SP4, Exchange 2000 Server.
Since yesterday I noticed:
1. A user cannot log out from a Terminal Services session; after explorer.exe terminates, the session "freezes" and can only be killed from TS Manager from the level of another session.
2. IE does not open any page, however network connectivity is correct, by IP or name.
3. I cannot open the "Network and Dial-up connections" window. It just does not show up.
4. ntbackup.exe cannot contact the Removable Storage service. I am unable to restart the service (buttons are greyed out), although it seems to be running.
5. The server hung twice, in a one-week interval, 1-2 minutes before midnight on Saturdays. Only a hard reboot helped.
What is worse, I cannot see any strange error messages in any server log, despite the unclean shutdown. I cannot see any suspicious processes in Task Manager, nothing "new" is added to HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run.
Is it a Trojan horse or a kind of rootkit?
I cannot reboot the machine now or reinstall SP - users are working.
Any hot advice?
Regards, thank you in advance
Michal Leder