Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

XP & 2000 Server issues on Domain. Real bad!


  • Please log in to reply

#16
Gargoyle357

Gargoyle357

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Nevermind, found port 8193. SysAid, a help desk/asset management program we run.
My bad. (Though I kind of wish it had been something. Now I'm back to no clues to work with.)

Found the activity watching the Firewall Traffic Monitor.
That was the only activity that seemed out of whack.
  • 0

Advertisements


#17
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
this might be some form of D.O.S. attack...but don't quote me
  • 0

#18
Gargoyle357

Gargoyle357

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

this might be some form of D.O.S. attack...but don't quote me

View Post


Ha, I quoted you!
(Sorry, needed a laugh)

A DoS is sure what it feels like, but from where?

Nothing is coming in.
All virus scans come up empty.
It only effected a handfull of computers.
I can't find the common thread that would make JUST those vulnerable.

Knock on wood-like-substance, but the rest of the network is working fairly well. (Except for the missing services previously provided by the dead server, that is.)
  • 0

#19
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
"is it possible the windows updates were only done on a few clients(the bad ones)?


QUOTE
Windows updates on these were handled by Automatic Update being set to download automatically and prompt to install.
"

from my request for help.....check the updates and see if the ones that are screwed have anything different than the others
  • 0

#20
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
that might also account for the fact that it only failed when the machines rebooted
  • 0

#21
Gargoyle357

Gargoyle357

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Ok, first off some are Windows 2000 Server, some are XP with SP-1 and some are XP with SP-2.

Can't match updates directly, but I also can't see that any updates were applied since 7/14. I would have thought if an update was responsible it would have had to been installed on 7/27.

Still suspicous of Symantec Antivirus as the last updates it displays are 7/27, even when newer ones are applied. I stripped SAV off of 2 of them with no effect though.

Thought I had a pattern with Windows Installer 3.1, but found 2 that don't have it.

On my workstation I can not access the Start button or Start menu. Task Bar is "busy". Don't know how else to get there to even see what it has.
  • 0

#22
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
can you do the windows key?
  • 0

#23
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
i'm gonna assume that you were smart enough to turn system restore off on all of the machines right?
  • 0

#24
Gargoyle357

Gargoyle357

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Windows key doesn't work either.

Disabled System Restore on all but 3.
1 is mine, and I don't know how to get there without a start menu.
1 is the Corporate Controller's and is semi-functional so he won't let me reboot it (and I don't blame him)
1 is Windows 2000. Does it have Sytem Restore?
  • 0

#25
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
i can't recal if it does or not
  • 0

Advertisements


#26
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
on your machine...can you start in safe mode?
  • 0

#27
Gargoyle357

Gargoyle357

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
One of the XP computers has outgoing packets on port 80 going to:
unknown.ord.scnet.net

Mean anything?

I also had a running process that started with a space?
It was <space>wowway?
Ended it, but port 80 was still in use.

I'll try bringing mine up in Safe Mode now.
Good idea, brain is mush, didn't think of it.

Thanks.

Edited by Gargoyle357, 03 August 2005 - 02:37 PM.

  • 0

#28
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
doesn't ring any bells but port 80 isn't exactly a port you want anything you don't know about to be on
  • 0

#29
Gargoyle357

Gargoyle357

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

doesn't ring any bells but port 80 isn't exactly a port you want anything you don't know about to be on

View Post


My thoughts exactly. How do I stop it?

TrojanHunter still found nothing.
New virus scan running now, but I doubt it took the new definitions. Still shows 7/27.

Pull the plug on it, or is there a way to kill the port?
  • 0

#30
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
try killing the process....or close the port...though if you close the port you wont have ....uh....crap is that http or smtp...either the internet or email
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP