This is too weird...

[masster]

Hi,

Here's my case. I have a PC workstation running Windows XP Pro SP2 (all recent updates installed)

On it I run the following network/web software:

- Serv-U FTP 6.02 with 3 users (one admin, myself, and 2 clients) NO anonymous accounts
- e-mule 0.46a
- Remote Anything 5.11.22 (personalized slave.exe with hard-to-guess password)

As security software I run ZoneAlarm Security Suite 5.5.094.
As spyware & antivirus I run McAfee Antispyware and McAfee Viruscan (both having last signatures databases) and the system was fully scanned.

Now the hardware part: I use a Mercury KT133a FSX mainboard, Athlon Thunderbird 1.1 GHz, 256 MB RAM, 40 GB WD HDD, Nvidia TNT2 Ultra video. I checked the system using BurnInTest Pro 4.0, stressing it for 24 hours, at 100% CPU, temperature never went over 55C. All went well.

BUT, here's the problem: once in a while (daily or every 5 days the most) my server FREEZES. No mouse, no keyboard, nothing works. Only the reset button can change anything.

I tested all I am aware of but I can't figure out what is happening... Because it's terribly frustrating... Is it a security problem I'm dealing with? And if yes, what can I do about?

Please help me,
Thanks

[DjM]

And your event logs are telling you what???

Cheers:

[foxyloxley]

strip unit down.
full clean and re-assembly
make sure no dust bunnies are left
clean and reseat memory
check all units are fixed securely [HDD - floppy - MoBo etc] all items that are loose are a threat to system integrity.

run software checking tools over the HDD
run software checking tools over the system complete [CheckIT - PC Check etc]
run the [your] mark 1 nose over the PSU - clue - if it smells 'burnt' replace.

security routine ?
uptime - unbroken, prior to this problem ?
backups ??????? got none - GET SOME

ps

what DO your logs show ??

[edit]
just seen your remarks re:- heat and stress tests.
still leaves the physical pull apart

[masster]

Originally posted here by DjM
And your event logs are telling you what???

Cheers:

Well this is the weirdest thing of all. I let my workstation locked (Ctrl-Alt-Del + Enter)

There was NO record of "freezing". As if event logs were cleared, and then my PC was blocked. But even so, from my knowledge I remember there is a record where it must say "event log started - last "accidental" shutdown at hh:mm:ss".
But NO, nothing...

What probability is for a hardware flaw opposed to a security breach?
I f you need further details about my server, please ask.

Over the last month I was pulling my hair out trying to figure what's happening.
At home, in full test, all went well. After I put it online, it began freezing...

I really don't get it. and I thought I 've seen all.

Cheers

[masster]

Originally posted here by foxyloxley
just seen your remarks re:- heat and stress tests.
still leaves the physical pull apart

Already done. Prior testing in full, I stripped it down, cleaned, air-blown all parts... pure surgery. That's why I'm going nuts

[Und3ertak3r]

Adding to Foxy's comments..

ALL cables and Cards are full seated?
there are no problems with the any of the cables (have encountered some with roughly cut cable)
(as commented earlier-EVENT Log) Are you getting random errors
Incompatable RAM.. loose ram (see my first comment)..
Some MoBo's are ****, cheep sockets, memory dosent seat properly.. random errors and locks..
You may need to test the machine with ALL Cards removed (different Vid card installed), then Install cards one at a time untill the problem returns.. one of your cards may have a fault..
HAve you tested the machine with a known good PSU?

[masster]

Originally posted here by Und3ertak3r
Adding to Foxy's comments..

ALL cables and Cards are full seated?
there are no problems with the any of the cables (have encountered some with roughly cut cable)
(as commented earlier-EVENT Log) Are you getting random errors
Incompatable RAM.. loose ram (see my first comment)..
Some MoBo's are ****, cheep sockets, memory dosent seat properly.. random errors and locks..
You may need to test the machine with ALL Cards removed (different Vid card installed), then Install cards one at a time untill the problem returns.. one of your cards may have a fault..
HAve you tested the machine with a known good PSU?

I see myself that all my comments are in vain. So I try again. I cleaned EVERY board, power source, cable etc. then assembled, then tested/STRESSED thoroughly ALL devices in the same time using the earlier mentioned software.

What I don't understand is this: I came to this security-oriented forum especially to see what security holes/exploits/bugs my PC might have, not for hardware issues that I already said I tested. PLEASE, PLEASE read ALL my comments.

So I refer to known problems of the software I'm using for FTP server, remote control and sharing (emule). Do I have to forget about any of these services? Do I have to kill FTP, remote control and emule and look at a static PC? Because this is what I'm trying to say (repeatedly). My PC works fine under heavy stressing loads, but the moment I put it ONLINE, it cracks.

WHAT SECURITY PROBLEMS I MIGHT HAVE?

Thanks.

[hexadecimal]

if you said it would freeze daily it is most likely faulty hardware

as of software holes.... watch what you download with emule.... infact just remove it.... p2p is just about dead
if you still get random locks and all your hardware is good then you have to start working with software

make sure all your drivers are up to date and the correct versions

make sure all your software can work together... some programs cause errors with installed with others
(example)
when a version of Real Player as installed it disabled the Windows pictrue and fax program that opens up when you throw in a picture cd

if you cant find any potential clashes uninstall ANYTHING THAT ISNT ABSOLUTLY NEEDED



sometimes one of these problems can be caused by a virus, dust in the comp, faulty programming, etc




there is one thing i would recomend testing to help you decide once more if it is hardware or software based

download a live linux distro and tinker with it.... if it freezes its most likely hardware.... while you are running this it would be good to test the memory... if you need instructions just ask



anything that i didnt cover?

[rapier57]

First, WinXP SP2 likes 1 GB best. 256 MB is a small space for all those services. This may be part of the problem. Do you have a diagnostic tool to walk the RAM and check for problems in the stick(s)?

Yes, you have ZoneAlarm, yes you have AV, but you are using McAfee. I've found that McAfee will miss a couple of nasties. If you can remotely connect or map the C drive from another station, run a different AV on the drive. (AVG or Norton).

Since you are using a Peer-2-Peer sharing service, you open your system to some of the current nasties that ride the p2p networks. Are you scanning the shares you set up for this?

Event Logs:

System should indicate the stopping and starting of certain services using the Service Control Manager source. These will tell you when the system comes up and when it goes down cleanly. If you don't have the going down sequence, but it is followed by a startup sequence after you restart from a hang, Note the time just before. the startup sequence.

Application willl identify applications that hang, if any. Use the time noted above to check the Application log around that time to see if there are any app hangs.

Security will ID when there are attempts to log in that fail, assuming you have that auditing turned on. If the Security log is clear, that is an indication that you have a trojan.

I hope this helps.

EDIT:

Also, WinXP can get rooted, too. There are tools to check if your system has been rooted (rootkit tester).

[masster]

Originally posted here by hexadecimal
if you said it would freeze daily it is most likely faulty hardware

Not daily. Randomly. One day, 5 days, 3 days, twice a day... But I repeat: ONLY when connected to Internet.[.B] So I'd eliminate hardware. i think I stressed it enough.

download a live linux distro and tinker with it.... if it freezes its most likely hardware....

Live Linux distro? Never heard of My machine runs Windows XP.

Please give me details.