
Thread: Server hacked or What?

  1. #11
    What do you mean by server? A computer? Or simply software running on the computer?
    And about the memory dumping screen, tell me more about it, I mean what it says on it. Try to disable "Automatically reboot on error"; you can disable this from somewhere in double-click My Computer > Properties > System (or Settings, I don't remember). I don't actually remember the menu, I haven't run Windows for some time.
    Anyway, try to send me some logs from the Minidump folder (c:\Windows\Minidump).

    Good luck!
    The access to the computer or
    anything else that shows us how the
    world works must be total and
    unlimited.

  2. #12
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Ignoring Somefilename's post for now.

    Anyways d0pp, you said disabling the service is not enough, I should remove them; well, that's what I wanna know now. Is there a tool available to delete the services completely from the system for Windows?
    this was in response to what d0pp said
    And since you seem to have been rooted... Reformat/reinstall.

    This seems to be a common misconception. There is a big difference between a common virus or spyware and being rooted, although they could lead to the latter, though not necessary for the end result, and not necessarily the end result. (Am I being too vague here?)

    Many anti-virus programs or tools can detect and remove common consequences of known viruses, but all they do is look for and remove known patterns. Once a box has been rooted there may very well be unknown and undetectable changes which would allow someone to not only be immune to common removal attempts, but also be alerted to such attempts.

    What the hell does this mean? .... .... .... drunk and thinking .... .... ....

    For most; reformat, reinstall, then find out how it happened and attempt to prevent it.

    For programmers and developers, another story.
    Data is data, programs are programs, and never the twain shall meet!!!!!!!

    That should get things stirring!
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  3. #13
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Somefilename

    I think a server means a machine that is serving different nodes which we call clients. Yes, it's a machine, running Windows 2003, and serving as proxy and mail server.

    About memory dumping, it's normally a blue screen that pops up, with lots of information on it, like: if you have received this message for the first time please restart your computer, and if you recently installed any hardware, disable it and try restarting your computer.....

    The important thing is some information with code 0x0000008e (0xc0000005, 0x80839148, 0xf7546c60, 0x00000000), although it's already been attached with my post.

    As far as the log from the minidump folder, well, I don't have that with me because, as I have already said, I have reinstalled the operating system.

    I had no other option but to reinstall, as it was a server and I can't depend on the backup machine, since I was not able to get the problem sorted out.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  4. #14
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Hi gals/Guys

    Now as you know I have re-installed everything. The server worked fine for a few days, but yesterday in the evening it showed that same F##King error window and got rebooted. I checked the log, nothing suspicious.

    Now is it to do with hardware? I mean, apparently that's the only thing that remains the same before the installation and after the installation.

    Can it be some RAM issue? Because normally RAM does such things...... Guys, I really need help in this, because the problem is getting out of hand now.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  5. #15
    Hmmm, kinda think about it, I had this problem when I was on Windows(the exact problem). Check for some twisted capacitors on the motherboard, reinstalling won't help. :|
    The access to the computer or
    anything else that shows us how the
    world works must be total and
    unlimited.

  6. #16
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Somefilename, I will try to see that....... But can't you remember how you solved this problem?
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  7. #17
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Looking over the event log shows the last message before the reboot is:
    2/10/2006 10:04:33 AM EventLog Error 6004
    A driver packet received from the I/O subsystem was invalid. The data is the packet.

    This error is not usually critical but is usually indicative of some sort of network driver/filter problem. This could be the actual driver, or something hooking the NDIS, like a rootkit or even just your anti-virus. Now let's look at the next interesting event after the reboot:

    2/10/2006 10:18:00 AM Save Dump 1001
    The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x80839148, 0xf7546c60, 0x00000000)

    A bugcheck status of 0x0000008e, or 8e, is a KERNEL_MODE_EXCEPTION_NOT_HANDLED error. The information in parentheses is the exact address of the code that caused the unhandled exception. Since the last event before the exception was the 6004, it looks like the network driver or filter is taking big ****. I'm still not sure whether this is caused by hardware or software (aka re-infection, AV, etc.). You need to eliminate the possibilities. I would try this:
    First, boot to a memtest CD and test the memory. Then move the NIC card in the server to a different slot. Make sure you have the newest drivers from Intel for the card, and let the machine run. If it still crashes, move it to an isolated network and remove AV software and anything else which may be hooking the network drivers. Give it some kind of network activity and let it run. Post back with anything you may turn up.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
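
The triage step described in post #17, as an added example that is not part of the original thread: it parses the two pasted event-log records, decodes the stop code, and pairs the bugcheck with the last event logged before it. The function names are hypothetical, the timestamps are assumed to be month/day/year, and the parameter layout (exception code, faulting address, trap frame) is the one Microsoft documents for stop 0x8E.

```python
import re
from datetime import datetime

# Constructed sample: the two event-log records quoted in the post above.
SAMPLE_LOG = """\
2/10/2006 10:04:33 AM EventLog Error 6004
A driver packet received from the I/O subsystem was invalid. The data is the packet.
2/10/2006 10:18:00 AM Save Dump 1001
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x80839148, 0xf7546c60, 0x00000000)
"""

# Lookup tables limited to the codes that appear in this thread.
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

HEADER = re.compile(r"^(\d+/\d+/\d{4} \d+:\d\d:\d\d [AP]M) (.+?) (\d+)$")
BUGCHECK = re.compile(r"bugcheck was: (0x[0-9a-f]+) \(([^)]*)\)", re.I)

def parse_events(text):
    """Split the pasted log into records (assumes month/day/year timestamps)."""
    events = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            events.append({"time": when, "source": m.group(2), "id": int(m.group(3)), "message": ""})
        elif line and events:
            events[-1]["message"] += line + " "
    return events

def decode_bugcheck(message):
    """Decode a Save Dump 1001 message using the stop 0x8E parameter layout."""
    m = BUGCHECK.search(message)
    p = [int(x.strip(), 16) for x in m.group(2).split(",")] if m else []
    if len(p) < 3:
        return None
    code = int(m.group(1), 16)
    return {"code": code, "name": BUGCHECKS.get(code, "unknown"),
            "exception": NTSTATUS.get(p[0], hex(p[0])),  # parameter 1
            "fault_address": p[1],                       # parameter 2
            "trap_frame": p[2]}                          # parameter 3

def correlate(events):
    """For each bugcheck record: (previous event, decoded stop, gap in seconds)."""
    events, out = sorted(events, key=lambda e: e["time"]), []
    for prev, ev in zip(events, events[1:]):
        info = decode_bugcheck(ev["message"]) if ev["id"] == 1001 else None
        if info:
            out.append((prev, info, (ev["time"] - prev["time"]).total_seconds()))
    return out
```

Note that the Save Dump record is written after the reboot, so the gap it reports covers the crash and the restart, not only the time between the 6004 error and the crash.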

  8. #18
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Could be the Law of Synchronicity is at work here. On the one hand, it certainly sounds like you've got some hardware issues. I was just looking at a W2K box yesterday in which the owner had inserted another ram chip which was picked up by the bios ok, but gave the OS fits, throwing us all kinds of errors in ass't .exe files. We removed the new chip and everything ran great. The computer used pc100 and the owner had put in a chip of pc133u thinking it was backwards compatible. Oddly, the bios found it ok, but it choked both W2K and Insert linux (boot cd).

    But that may not explain the rogue software you've been plagued with. What kind of media are you installing the server software from? A Microsoft factory cd? Or perchance something from a warez site?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  9. #19
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    brokencrow

    Well, I am installing from a backup CD which we have been using for a while, as we don't normally purchase licensed software here.

    Well, my mind is going towards RAM, because there are 4 different RAM modules in it, 1 X 512 MB and 3 X 256 MB. We have been facing some power fluctuation issues here, although the server is on a heavy UPS so this couldn't damage things here..... I took all the RAM out and examined it myself; couldn't find any burnt one in it.

    The other thing i have in mind is that power supply, the only reason i couldn't getting to the exact cause of this problem is because I can find any resemble incident in b/w all those reboots. Nothing similar happen.

    Just one more thing I remember: before re-installation, when I encountered this problem first, my manager took a look into the services and disabled lots of services he thought might not be worthwhile for us, and the occurrence of this memory dumping problem increased rapidly. I mean, it normally used to happen once or twice in a day, and after stopping a few services it used to happen more than 5 times in an hour, or rather I must say occurring every 10-15 mins.

    So I am really confused: is it some software issue or hardware??????
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  10. #20
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466

    Hi Gals / Guys

    As mentioned in the post, one of the issues that we were facing with our server a while ago, well, it wasn't resolved and we had to change the server eventually. I was working on that old server, or rather I was using it, and what happened on Thuesday: I updated Windows, as it was showing me that there is an update of ISA Server 2004, it was SP2....... And after the update ..... the server got back to normal condition...... It's been a week and thanks to GOD it's working perfectly alright, not even had a problem with the machine a single time.....

    So I have come to the conclusion that ISA 2004 SP1 has some issue with this server machine's Intel STL 2.0 motherboard.

    I am glad, its Over....
    Thanx & have a nice time.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
