Windows Event Viewer

Guest

Hi,
I have an issue with Windows 2000 server Domain Controller.
I can open Event Viewer and view the system logs.
Then after a few seconds, I click on the Applications log and it shows 0;
going back to the System log, it shows 0 logs, and all the other ones show 0 logs.

I went to Google and someone suggested that I might have got a backdoor virus.
Did virus scans and did not find any virus.

Thank you for your prompt responses.

-Paul Hong
 
dcdon

Hi Paul,

This may be a holdover from IRC.BACKDOOR.TROJAN or IRC.BACKDOOR.FLOOD. You might do a couple
of online virus scans.
www.antivirus.com
http://www.symantec.com/nav/nav_9xnt/
Write down every file and follow the procedure exactly. I'll post some removal info on
irc.backdoor.flood at the bottom.
I've caught more with Symantec online (files that I buried). See what you get and go strictly
by what they recommend to remove, if that's it.

On the Event Viewer side, it's easy enough to rebuild them.
Do this:
Go to Services in Computer Management and note that Event Log is started and is Automatic.
Stop it and change it to Disabled.
Next search for *.evt files.
Delete appevent.evt, secevent.evt, and sysevent.evt.
Reboot.
Look to see that you have the files.
Go restart Event Log and set it to Automatic.
Reboot and check your Event Viewer to see that all files are okay.
Check them after a couple of boot sequences.
If you are having any troubles, you can export after short periods to print and clean out each
file by right-clicking each file in the tree to clear that file body.

You also might keep an eye on your pagefile. Sometimes this goes along with these problems. If
it does occur you can rebuild your pagefile.sys, so don't worry about it.



good computing,
don

(always backup your registry first)(on the particular key string, right mouse and export to
desktop)(save it for a week and delete)

IRC.BACKDOOR.FLOOD removal

You might want to try this:
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.

In the left panel, double-click the following:

HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run

In the right panel, locate and delete the entry:

"LASS"="%current directory%\LASS.exe"


Still in the registry editor, in the left panel, double-click the following:

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Uninstall\mIRC

In the right panel, locate the entry:

"UninstallString","" %current directory%\lexplore.exe" -uninstall"

NOTE: If you have not installed the mIRC application prior to infection, delete this entry.
Modify the above entry to this, if you have installed mIRC prior to infection:

"UninstallString",""c:\mirc\mirc32.exe" -uninstall"

Close Registry Editor.

(still go by what the AVP says to do first)



good luck,
don
---------------
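A defender-side PowerShell script, added here and not part of don's reply or any vendor tool, that collects the artifacts the rebuild steps above would otherwise destroy (the .evt files and the two registry keys) and reports the Run and mIRC uninstall entries the removal notes refer to, without deleting or modifying anything. It assumes an elevated Windows PowerShell session, the classic %SystemRoot%\system32\config log location and reg.exe on the PATH, so it is meant for a later Windows host looking at the same locations rather than the Windows 2000 box itself.

```powershell
# Added example (not from the thread): preserve the artifacts the rebuild
# procedure would destroy, and report on the registry entries the removal
# notes name, without deleting or modifying anything.
# Assumptions: run from an elevated Windows PowerShell; classic .evt logs live
# under %SystemRoot%\system32\config; reg.exe is on the PATH.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:TEMP "evtlog-triage-$stamp"
New-Item -ItemType Directory -Path $backup | Out-Null

# 1. Service state: the rebuild steps expect "Event Log" running and Automatic.
$svc = Get-CimInstance Win32_Service -Filter "Name='EventLog'"
"EventLog service: State=$($svc.State) StartMode=$($svc.StartMode)"

# 2. Copy the .evt files BEFORE the delete-and-reboot step so the (possibly
#    corrupt) logs stay available for offline review instead of being lost.
$cfg = Join-Path $env:SystemRoot 'system32\config'
Get-ChildItem -Path $cfg -Filter '*.evt' -ErrorAction SilentlyContinue | ForEach-Object {
    Copy-Item -Path $_.FullName -Destination $backup
    "Backed up $($_.Name) ($($_.Length) bytes)"
}

# 3. Export the two keys the removal notes touch ("always backup your registry first").
$runSub  = 'Software\Microsoft\Windows\CurrentVersion\Run'
$mircSub = 'Software\Microsoft\Windows\CurrentVersion\Uninstall\mIRC'
& reg.exe export "HKLM\$runSub"  (Join-Path $backup 'Run.reg') | Out-Null
& reg.exe export "HKLM\$mircSub" (Join-Path $backup 'Uninstall-mIRC.reg') 2>$null | Out-Null

# 4. List every Run entry and flag the file names the removal notes mention.
#    The notes give the path as "%current directory%", so match on file name only.
$suspect = 'LASS\.exe|lexplore\.exe'
$meta    = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run     = Get-ItemProperty -Path "HKLM:\$runSub"
foreach ($p in $run.PSObject.Properties) {
    if ($meta -contains $p.Name) { continue }      # provider metadata, not registry values
    $flag = if ("$($p.Name) $($p.Value)" -match $suspect) { '  <-- named in removal notes' } else { '' }
    "Run: $($p.Name) = $($p.Value)$flag"
}

# 5. Show the mIRC UninstallString so the reader can compare it with the notes.
$u = Get-ItemProperty -Path "HKLM:\$mircSub" -ErrorAction SilentlyContinue
if ($u) { "mIRC UninstallString = $($u.UninstallString)" } else { 'No Uninstall\mIRC key present' }
"Artifacts saved under $backup"
```

Review the flagged entries against what the online scanner reports before removing anything; the exported .reg files let you restore a key if a legitimate entry was removed by mistake.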

dcdon

Here is an example of the Event Viewer reporting in the System log. It was a suspect file I
planted called Rabbit.exe.

Event Type: Error
Event Source: AvgFsh
Event Category: None
Event ID: 4
Date: 10/21/2003
Time: 8:10:28 PM
User: N/A
Computer: DC
Description:
The description for Event ID ( 4 ) in Source ( AvgFsh ) cannot be found. The local computer
may not have the necessary registry information or message DLL files to display messages from
a remote computer. The following information is part of the event: \Device\AvgFsh,
D:\DON\rabbit1.exe.
Data:
0000: 00 00 00 00 02 00 56 00 ......V.
0008: 00 00 00 00 04 00 07 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

dcdon

This is an example of what happens when a cable modem fails or is placed in standby. I'm sure you
don't need to know this, but there are lurkers that learn from this, and it was convenient, given
that I rode my white horse in to help you.

Event Type: Information
Event Source: Tcpip
Event Category: None
Event ID: 4202
Date: 10/22/2003
Time: 9:11:49 AM
User: N/A
Computer: DC
Description:
The system detected that network adapter Realtek RTL8139/810X Family PCI Fast Ethernet NIC was
disconnected from the network, and the adapter's network configuration has been released. If
the network adapter was not disconnected, this may indicate that it has malfunctioned. Please
contact your vendor for updated drivers.
Data:
0000: 00 00 00 00 02 00 50 00 ......P.
0008: 00 00 00 00 6a 10 00 40 ....j..@
0010: 02 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........


Notice it was not an alert or a warning, but merely information. Got this by d/c the entry
in the System log viewer, clicking the copy button (right, low center), then pasting it here.
Sorry for the benign redundancy.


thanks and good luck,
don