Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Has my Win 2000 Server been hijacked?

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts
Has my W2k Server been hijacked?

Here a a few problems unsolved. Tastes like sabotage or hijacking.

1. at login as admin to W2k Terminal server 3 cmd boxes open
2. Explorer.exe often hangs up when I try to logoff terminal session
3. "Dameware NT Utilities 2.6" Service listed. No uninstall? Spyware?
4. IIS can no longer run ASP files / ISAPI.
5. My FTP server serv-u is sick too.

Details here:

1.Each time I login as admin to W2k Terminal server session 3
windows open and get closed. This has just recently started.

2. Explorer.exe often hangs up when I try to logoff terminal session

some times explorer overburdend the Server, by driving
performance to 100%
3. "Dameware NT Utilities 2.6" Service listed. The file pointing at
states V.4.0.6.

I did not install this.

Since I deactivated the service the CPU is not so often at 100%

There are no installation folders, hlp files or any uninstall.

The service *.dll is in WINNT/system32

4. IIS can no longer run ASP files / ISAPI.

3 Errors in EventManager:

Source: Com+
Category SExecutive
Type: Error

Internal error occurered in process. Consult MS Software Service.
*** Error in __FILE__(926): Application image dump failed.


Source: Com+
Category SVR
Type: Error

Error code = 0x80090017 : The service (provider) type is not defined.
COM+-Service - internal Information:
File: .\security.cpp, line: 617


Source: W3SVC
Category none
Type: Warning

The Server could not load the application '/LM/W3SVC/1/ROOT' .
Error: "starting the server"

5. My FTP server serv-u is sick too.

At first Its service couldn't start any more.

2 weeks ago I attempted a repair which first seemed ok:

5. 1. installed serv-u over the old instaltion
-> service could not start.

5. 2. So I uninstalled serv-u, emptied folder, restated server,
reinstalled serv-u, restarted server
-> service started
=> reconfigured server & licence activcated again

5.3 This worked till Saturday, then the service went off again.
I restatred the service via the admin tool, but this only helped
For a day.

resulting status:

- FTP service running.
- FTP Clients: Connections refused
- FTP Admin: Unable to connect to server on 29353
- Software: serv-u build

When I stopped and restarted the server via admin tool, I could access the setting
and clients can access the server again for a while.

On the server is 8signs firewall but It did not record access violations
itself. Switchig 8signs off. makes no difference.

3 days later FTP server & MDaemon Mailserver services down.
Mdaemon starts - OK
FTP cant start Error 100.

No reinstallation helped. No log reports help.


The server is more or less stable at present, but I can not use
ASP and ISAPI technology.

Attemped Repair:
- installation of MDAC 2.6
- reinstalled URLScan 2.5

System Profile:
- Win 2000 Server Current SPs + Sec.Patches
- IIS, SQL2000 SP3, Cert.Server, ODBC
- Mdaemon 8.01, 8signs Firewall, Serv-U FTP server 6


1. How do I get ASP to run again?
2. How to resolve Explorers problem

Edited by mcsemag, 05 May 2005 - 02:17 AM.

  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP