 |
 |
Radhika, Sorry, I haven't been paying close attention to this, but... If you suspect the servers may have been hacked, you should just plan on a total re-format and reload. I know this sounds bad, but I have skipped doing this in the past and *it has been a *big* mistake*. Do you have different hardware that you could switch over to? If you want to save the current servers for forensic examination, that might be the best route. You might want to contact Joe Budzyn for his thoughts. One other route to consider is to reload the servers with a 2nd copy of the operating system (maybe use something newer - I have a w2k3 server 180day eval cd). That might show if there is any problem with the hardware, and let you look at the existing files on the disk. -John Radhika Kotwal wrote: > Hi, > I am still having the same problem although I have tried the following: > 1. everytime I try the pskill command, it says that such a command doesn't > exist. > 2. I tried to enable the VGA mode instead of the video driver, but that is > also giving me a blank screen. > 3. I used the recovery console and disabled the AGP440.SYS (I am not sure > whether I did the right thing, how do I know the video driver for my comp?), > but disabling the above mentioned driver also didn't help. > > I am completely lost now, I somehow feel it could be more of a hack than a > driver failure coz both my servers are having the same problem. > > Radhika. > > > > > -----Original Message----- > From: MSU Network Administrators Group [mailto:[log in to unmask]] On > Behalf Of Jeff Domeyer > Sent: Monday, July 19, 2004 9:10 AM > To: [log in to unmask] > Subject: Re: [MSUNAG] Windows 2000 Advanced Server Blank Screen > > So you are able to get the task manager open? Another option at that > point is to try to start a new task of cmd.exe. Then you could at least > get some more interaction with your server. > Some useful commands: > "drwtsn32" - Although I haven't used this yet to troubleshoot anything, > it looks like it may provide some info that may be useful in application > errors section. Maybe someone else can help you here > > "pskill" - available here: > http://www.sysinternals.com/ntw2k/freeware/pskill.shtml > Useful tool that we acquired firstly from script kiddies who "hacked" > our web server in the msblast era. Allows you too kill pretty much any > process you want to; especially those which you don't have access to. > > Tcpview - http://www.sysinternals.com/ntw2k/source/tcpview.shtml > Useful for just figuring out who is connected to what. This is also part > of the administrator's pack > -http://www.winternals.com/products/repairandrecovery/index.asp > > > Hopefully this gives you a start. > > > -----Original Message----- > From: MSU Network Administrators Group [mailto:[log in to unmask]] On > Behalf Of Radhika Kotwal > Sent: Monday, July 19, 2004 8:34 AM > To: [log in to unmask] > Subject: Re: [MSUNAG] Windows 2000 Advanced Server Blank Screen > > There are many processes running in the task manager which seem to be > different than the usual. But when I try to kill any of those, I get the > message, "Access is Denied". I have also tried to delete some of the > registery keys, but that didn't change anything. The processes still > keep > running. > I am not in the office right now and hence cant try anything, but will > be > going there sometime this afternoon. > > Regards, > Radhika. > > -----Original Message----- > From: Jeff Domeyer [mailto:[log in to unmask]] > Sent: Monday, July 19, 2004 8:25 AM > To: Radhika Kotwal > Subject: RE: Re: [MSUNAG] Windows 2000 Advanced Server Blank Screen > > Another thing you can try is to see if you can get the task manager to > pop up by hitting ctrl-alt-delete. I'm not sure if anyone uses your > servers to browse the web, but I have seen spyware mess up explorer. I > usually am able to get the machine into a usable state by killing off > all unknown processes and then killing explorer.exe. After that I start > explorer.exe again using the file/new task option in task manager. If > that does succeed I would go download ad-aware and run that, if not then > that scratches one thing off the list. > > > > -----Original Message----- > From: MSU Network Administrators Group [mailto:[log in to unmask]] On > Behalf Of Radhika Kotwal > Sent: Monday, July 19, 2004 8:15 AM > To: [log in to unmask] > Subject: Re: [MSUNAG] Windows 2000 Advanced Server Blank Screen > > Thank you for all your help, I will surely try all the suggested things > and get back to you on this. > > Regards, > > Radhika. > > > > ________________________________ > > From: MSU Network Administrators Group [mailto:[log in to unmask]] On > Behalf Of Andrew McCormack > Sent: Friday, July 16, 2004 6:46 PM > To: [log in to unmask] > Subject: Re: [MSUNAG] Windows 2000 Advanced Server Blank Screen > > > > I believe you can boot windows 2000 using the f8 key and select create a > boot log as one of the options. It may help narrow down the problem > > > > Maybe try to disable the video card: > > Using Recovery Console to Disable Services > > If you are unable to start Windows XP Professional in normal or safe > mode, the cause might be an incorrectly configured driver or service > that has caused a Stop message. Stop messages might provide information > about the service or driver name, such as a file name. By using Recovery > Console, you might be able to disable the problem component and allow > the Windows XP Professional startup process to continue in normal or > safe mode. > > > > To enable or disable services by using Recovery Console > > > > At the Recovery Console prompt, type listsvc. > > The computer displays the service or driver name, startup type, and > possibly a friendly driver or service name. Record the name of the > driver or service that you want to enable or disable. > > > > To disable a driver, type: > > disable drivername > > > > To enable a driver, type: > > enable drivername start_type > > > > Possible values for start_type are: > > > > SERVICE_BOOT_START > > SERVICE_SYSTEM_START > > SERVICE_AUTO_START > > SERVICE_DEMAND_START > > > > Try to check the boot.ini file. > > ________________________________ > > From: MSU Network Administrators Group [mailto:[log in to unmask]] On > Behalf Of Radhika Kotwal > Sent: Friday, July 16, 2004 4:20 PM > To: [log in to unmask] > Subject: Re: [MSUNAG] Windows 2000 Advanced Server Blank Screen > > > > Thanks.... I did try the Safe mode, but all it shows is a blank screen > even in safe mode. What should I do to test if the drivers have failed? > > Radhika. > > > > > > ________________________________ > > From: Laurence Bates [mailto:[log in to unmask]] > Sent: Friday, July 16, 2004 3:18 PM > To: 'Radhika Kotwal' > Subject: RE: [MSUNAG] Windows 2000 Advanced Server Blank Screen > > > > I would hope that it might be due to bad video card or other drivers. > Try booting the servers again and press F8 every two seconds during the > boot process to get into either safe mode or VGA mode. > > > > > > ________________________________ > > From: MSU Network Administrators Group [mailto:[log in to unmask]] On > Behalf Of Radhika Kotwal > Sent: Friday, July 16, 2004 3:02 PM > To: [log in to unmask] > Subject: [MSUNAG] Windows 2000 Advanced Server Blank Screen > > HI all, > > > > I have 2 windows 2000 advanced servers. When I log on both the servers, > I get a blank blue screen. I am able to access the data on the servers > from other workstations, but am not able to view anything on the > servers. > > I have visited the following Microsoft link: > > http://support.microsoft.com/?kbid=256194 and followed the procedure > given, but that didn't help. > > Any ideas or suggestions? > > > > Thanks in advance, > > Regards, > > Radhika. > > > > System Admin, CIT, MSU (On Call) >