Strange reboot problem

  • Thread starter Thread starter JAMES JAKUBOWSKI
  • Start date Start date
J

JAMES JAKUBOWSKI

Good morning!
Let me preface this post by saying that I am a TOTAL newbie to Windows 2000
Server and have inherited this from the previous "techie." I've been in
software development for years, so I'm familiar with software, but have
NEVER administered a server at all, so I'm crawling thorugh all of it, but
find it fascinating! Here's my problem and I hope SOMEONE can help me!

Our Server was hit with the Blaster worm (the security patches were never
applied). How I found that out was one day, one of the users on the system
was complaining that after leaving her machine idle for @ 15 minutes or so,
or after working on the SAME thing for a period of time, she would have to
reboot because she was getting no response to anything on her machine. When
I went to check the server, sure enough, I had a warning message that the
server had the blaster worm on it (this message displayed courtesy of
Symantec Anti-Virus Corproate Edition). I cleaned the server with a utility
from Symantec (Fixblast), applied the windows update patches and rebooted as
needed through the entire process. (note I had everyone logged off at this
time). When all was said and done I restarted the server and went back to
the user.

When I went back to the user, she had attempted to log in while I was
restarting the server, since she was getting a message that network wasn't
available. Well, ever since then, it's been a nightmare! School starts
next week and it's CRITICAL that I get this issue resolved so any and ALL
help that everyone can give me is appreciated and PRICELESS to me!

The same thing keeps happening in her machine now. If she stays idle or
works on something (printing labels, composing a letter, working with a
database, whatever) for a period of time, say 15 minutes, when she tries to
process what she's working on, one of two things will happen. Either her
machine hangs and she has to reboot, or, eventually a message displays that
tells her she may not have access to the network files and to see the
Newtork Administrator. I've loaded Norton Anti-Virus on her machine
(performed a live update to get the latest-and-greatest) thinking the
blaster worm was on her machine (I have a suspicion this is how it got into
the server in the first place, albeit, quite innocently), but Norton
reported no viruses on her machine. Before any of this happened, I had
applied the patches to her machine (Windows XP Professional) and she was
working perfectly fine until the worm hit.

I checked the server thinking she was set to logout automatically, but she's
set to NEVER logout. One other thing is, after this worm hit, it complained
about it not finding her roaming profile on the server and that it was going
to restore her settings locally. That message disappeared when I went to
the Server and on her Profile tab, removed the reference to her profile.
She was able to work just fine after that as well.

Anyone have ANY ideas?? And I thank you SO MUCH for reading this mini-saga.

If you can respond to my email address: (e-mail address removed), that would be
great!! If not, I'll try to find my way back here again! LOL!
 
JAMES JAKUBOWSKI said:
Good morning!
Let me preface this post by saying that I am a TOTAL newbie to Windows 2000
Server and have inherited this from the previous "techie." I've been in
software development for years, so I'm familiar with software, but have
NEVER administered a server at all, so I'm crawling thorugh all of it, but
find it fascinating! Here's my problem and I hope SOMEONE can help me!

Our Server was hit with the Blaster worm (the security patches were never
applied). How I found that out was one day, one of the users on the system
was complaining that after leaving her machine idle for @ 15 minutes or so,
or after working on the SAME thing for a period of time, she would have to
reboot because she was getting no response to anything on her machine. When
I went to check the server, sure enough, I had a warning message that the
server had the blaster worm on it (this message displayed courtesy of
Symantec Anti-Virus Corproate Edition). I cleaned the server with a utility
from Symantec (Fixblast), applied the windows update patches and rebooted as
needed through the entire process. (note I had everyone logged off at this
time). When all was said and done I restarted the server and went back to
the user.

When I went back to the user, she had attempted to log in while I was
restarting the server, since she was getting a message that network wasn't
available. Well, ever since then, it's been a nightmare! School starts
next week and it's CRITICAL that I get this issue resolved so any and ALL
help that everyone can give me is appreciated and PRICELESS to me!

The same thing keeps happening in her machine now. If she stays idle or
works on something (printing labels, composing a letter, working with a
database, whatever) for a period of time, say 15 minutes, when she tries to
process what she's working on, one of two things will happen. Either her
machine hangs and she has to reboot, or, eventually a message displays that
tells her she may not have access to the network files and to see the
Newtork Administrator. I've loaded Norton Anti-Virus on her machine
(performed a live update to get the latest-and-greatest) thinking the
blaster worm was on her machine (I have a suspicion this is how it got into
the server in the first place, albeit, quite innocently), but Norton
reported no viruses on her machine. Before any of this happened, I had
applied the patches to her machine (Windows XP Professional) and she was
working perfectly fine until the worm hit.

I checked the server thinking she was set to logout automatically, but she's
set to NEVER logout. One other thing is, after this worm hit, it complained
about it not finding her roaming profile on the server and that it was going
to restore her settings locally. That message disappeared when I went to
the Server and on her Profile tab, removed the reference to her profile.
She was able to work just fine after that as well.

Anyone have ANY ideas?? And I thank you SO MUCH for reading this mini-saga.

If you can respond to my email address: (e-mail address removed), that would be
great!! If not, I'll try to find my way back here again! LOL!

I suspect the Blaster work got into your system because
you don't have a firewall. Do you?

About your student's machine: I recommend that you run
sfc.exe (System File Checker) do ensure the integrity of
her system files. You should also scan it with an
independet virus checker, e.g. the on-line virus checker
found at www.antivirus.com.

Seeing that you're working at a school, I strongly recommend
that you set up an SOE (Standard Operating Environment)
and create an image of that SOE, using a tool such as DriveImage
or Ghost. Once you have such an image, you can restore any
PC to its former glory in under 30 minutes. Without such an
image, you'll be putting out fires for the rest of your life, because
students are the most resourceful PC users when it comes to
wrecking their machines.
 
Back
Top