W32.Blaster.worm patch corrupts event viewer

[Ray Turley]

I noticed after installing the Blaster.worm patch on a
customer's Windows 2000(SBS) server with SP4 previously
installed the Event Viewer contents can no longer be
reviewed on that server.

I can open Event Viewer and it will default to the Systems
Log view and seems to function normally but when I proceed
to select the Application Log view I, can see that there
are 3,952 events according to the header count in that log
but none are visible in the individual header box below
it. Then if I continue to select any of the other Logs
they all show 0 events, even the System Log which just 2
mouse clicks ago showed some 300+.

I have confirmed this issue with on of my colleagues from
SMU and he was able to see the same problem on his
customer's server as well. Any suggestions are greatly
appreciated on a possible correction or work around, as I
need to work on this server soon and Event Viewer is
sorely needed for that purpose.

 

[Ray Turley]

Correction found in another group and it does work:

To clear Windows 2000 log files, follow these steps:

1. Click Start, point to Programs, point to Administrative
Tools, and then click Event Viewer.
2. In the Event Viewer window, right-click the Application
Log, and then click the Clear all Events command. An Event
Viewer dialog box appears. The Event Viewer dialog box
asks if you want to save the Application Log before you
clear it.
3. Click Yes to save the log.
4. In the Save "Application Log" As dialog box, select a
location to save the log file. Type a name for the log in
the File name box. A good practice is to include the log
type and the date that the log was saved, for example,
applog 11232001.
5. Click the Save button to save the log file. The log
file is stored with the file extension .evt. These .evt
files can be opened in the Event Viewer. You are returned
to the Event Viewer window after the log file is saved.
Note that there are no entries in the right pane. This
indicates that there are now no entries in the Application
Log.
6. Right-click the Security Log, and then click the Clear
all Events
command.
7. Click Yes to save the log file.
8. Choose a location to save the log file, and then type a
name for the
Security Log. Click Save to save the log file.
9. You are returned to the Event Viewer windows after you
save the Security Log. The right pane is not empty. The
first entry that appears after you clear the Security Log
is a Success Audit entry.
10. Double-click the entry in the right pane.
11. In the Event Properties dialog box, read the
Description information.
This event records the fact that the audit log was
cleared. Click OK to close the dialog box. The System Log
is cleared in the same way as the
Application Log.

Log file sizes can be as large as the capacity of the disk
and memory of the Windows 2000-based computer. You need to
clear the log if you need to reduce the log file size.

315147 HOW TO: Clear the Event Logs in Windows 2000
http://support.microsoft.com/?id=315147

Hope the information is helpful.

Thanks and have a good day!

Regards,

Benny Fu
Microsoft Online Partner Support
Microsoft Corporation
Get Secure! - www.microsoft.com/security

This posting is provided "AS IS" with no warranties, and
confers no rights.