The system can not log you on due to the following error. The network request is not supported.



Fredly
07-09-2005, 11:49 PM
The system can not log you on due to the following error. The network
request is not supported.

Seems to be a rash of this problem in the last few days. Several people
reference a virus, worm or bot.

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21439641....

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21443828....

I'm having trouble with exchange errors and then the system itself. I too,
ran into this one time a few weeks ago, then nothing until 6/1. Now it's
every few hours, hard boot, happens again.

We run SAVCE 8.0 and it's defs are up to date.

I going in to fight with this today. Anybody here anything new? I saw
someone already called MS. Any luck??

David H. Lipman
07-09-2005, 11:49 PM
From: "Fredly" <abc@email.com>

| The system can not log you on due to the following error. The network
| request is not supported.
|
| Seems to be a rash of this problem in the last few days. Several people
| reference a virus, worm or bot.
|
| http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21439641....
|
| http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21443828....
|
| I'm having trouble with exchange errors and then the system itself. I too,
| ran into this one time a few weeks ago, then nothing until 6/1. Now it's
| every few hours, hard boot, happens again.
|
| We run SAVCE 8.0 and it's defs are up to date.
|
| I going in to fight with this today. Anybody here anything new? I saw
| someone already called MS. Any luck??
|

You posted all over the place and haven't supplied any substantiating information.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Frank McCallister SBS MVP
07-09-2005, 11:49 PM
SAV 8.0 is not compatible with SBS. You need to upgrade to 10.0

--
Frank McCallister SBS MVP
COMPUMAC
"Fredly" <abc@email.com> wrote in message
news:%23ACpFIRaFHA.2884@tk2msftngp13.phx.gbl...
> The system can not log you on due to the following error. The network
> request is not supported.
>
> Seems to be a rash of this problem in the last few days. Several people
> reference a virus, worm or bot.
>
> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21439641....
>
> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21443828....
>
> I'm having trouble with exchange errors and then the system itself. I
> too,
> ran into this one time a few weeks ago, then nothing until 6/1. Now it's
> every few hours, hard boot, happens again.
>
> We run SAVCE 8.0 and it's defs are up to date.
>
> I going in to fight with this today. Anybody here anything new? I saw
> someone already called MS. Any luck??
>
>

Fredly
07-09-2005, 11:49 PM
Thanks Dave and Frank.

Frank, SAVCE is compatible with SBS 2000. I'm not very impressed by 10 at
this time. I'd stick with 9 until they iron it out...

Dave, I'm looking for someone who is having this problem and has had some
luck with it. Thank you for your response.

"You posted all over the place and haven't supplied any substantiating
information."

Anything in particular you were looking for?

SBS 2000
SAVCE 8.0
Watchguard

Here is my post from yesterday.

-----------------

I've got an SBS 2000 server that keeps locking up. Users cannot use Outlook
or shared folders.

When you try and logon at the server locally (on the console) you get:

"The system can not log you on due to the following error.

The network request is not supported.

Please try again or ..."

We must hold in the power button and hard boot. Then it works for a while.
Less and less time it seems.

In the time I can get in after reboots this is what I'm seeing in the event
log (app) prior to lock up. In no certain order:

Event Type: Error
Event Source: MSExchangeMTA
Event Category: Directory Access
Event ID: 155
Date: 6/3/2005
Time: 7:05:09 AM
User: N/A
Computer: x
Description:
Error 0X80004005 occurred while reading information for directory name (DN)
CN=SMTP
(x-{D968AE78-98D6-45FE-AE89-EB1F92726DBA}),CN=CONNECTIONS,CN=x,CN=MICROSOFT
EXCHANGE,CN=SERVICES,CN=CONFIGURATION,DC=x,DC=LOCAL from the directory. [MTA
OPERATOR 25 38] (12)

For more information, click http://www.microsoft.com/contentredirect.asp.


Event Type: Error
Event Source: MSExchangeIS Public Store
Event Category: Replication Errors
Event ID: 3079
Date: 6/3/2005
Time: 6:50:46 AM
User: N/A
Computer: x
Description:
Unexpected replication thread error 0x80004005 on database "First Storage
Group\Public Folder Store (x)"

FReplAgent


For more information, click http://www.microsoft.com/contentredirect.asp.


Event Type: Warning
Event Source: MSExchangeMU
Event Category: General
Event ID: 1040
Date: 6/3/2005
Time: 6:24:04 AM
User: N/A
Computer: x
Description:
Metabase Update failed replication 5 times with error 80004005 (Unspecified
error). Please change the diagnostic logging level of MSExchangeMU to
'minimum' or greater to find the source of the problem.

For more information, click http://www.microsoft.com/contentredirect.asp.


Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 9188
Date: 6/3/2005
Time: 6:17:37 AM
User: N/A
Computer: x
Description:
Microsoft Exchange System Attendant failed to read the membership of group
'cn=Exchange Domain Servers,cn=Users,dc=x,dc=local'. Error code '8007203b'.

Please check whether the local computer is a member of the group. If it is
not, stop all the Microsoft Exchange services, add the local computer into
the group manually and restart all the services.

For more information, click http://www.microsoft.com/contentredirect.asp.


Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 6/3/2005
Time: 6:07:04 AM
User: NT AUTHORITY\SYSTEM
Computer: x
Description:
Windows cannot determine the user or computer name. Return value (1747).


Event Type: Error
Event Source: MSExchangeIS Public Store
Event Category: General
Event ID: 7200
Date: 6/3/2005
Time: 6:03:00 AM
User: N/A
Computer: x
Description:
Background thread FDoUpdateCatalog halted on database "First Storage
Group\Public Folder Store (x)" due to error code 0x80004005.

For more information, click http://www.microsoft.com/contentredirect.asp.


Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2103
Date: 6/3/2005
Time: 6:03:04 AM
User: N/A
Computer: x
Description:
Process MAD.EXE (PID=2748). All Global Catalog Servers in use are not
responding:
x.x.local


For more information, click http://www.microsoft.com/contentredirect.asp.


Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 9153
Date: 6/3/2005
Time: 8:33:37 AM
User: N/A
Computer: x
Description:
Microsoft Exchange System Attendant reported an error '0x8007203b' when
setting DS notification.

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type: Error
Event Source: MSExchangeSA
Event Category: RFR Interface
Event ID: 9143
Date: 6/3/2005
Time: 8:35:19 AM
User: N/A
Computer: x
Description:
Referral Interface cannot contact any Global Catalog that supports the NSPI
Service. Clients making RFR requests will fail to connect until a Global
Catalog becomes available again. After a Domain Controller is promoted to a
Global Catalog, it must be rebooted to support MAPI Clients.

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2102
Date: 6/3/2005
Time: 8:00:34 AM
User: N/A
Computer: x
Description:
Process MAD.EXE (PID=2748). All Domain Controller Servers in use are not
responding:
x.x.local


For more information, click http://www.microsoft.com/contentredirect.asp.





"Fredly" <abc@email.com> wrote in message
news:#ACpFIRaFHA.2884@tk2msftngp13.phx.gbl...
> The system can not log you on due to the following error. The network
> request is not supported.
>
> Seems to be a rash of this problem in the last few days. Several people
> reference a virus, worm or bot.
>
> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21439641....
>
> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21443828....
>
> I'm having trouble with exchange errors and then the system itself. I
too,
> ran into this one time a few weeks ago, then nothing until 6/1. Now it's
> every few hours, hard boot, happens again.
>
> We run SAVCE 8.0 and it's defs are up to date.
>
> I going in to fight with this today. Anybody here anything new? I saw
> someone already called MS. Any luck??
>
>

David H. Lipman
07-09-2005, 11:49 PM
From: "Fredly" <abc@email.com>

| Thanks Dave and Frank.
|
| Frank, SAVCE is compatible with SBS 2000. I'm not very impressed by 10 at
| this time. I'd stick with 9 until they iron it out...
|
| Dave, I'm looking for someone who is having this problem and has had some
| luck with it. Thank you for your response.
|
| "You posted all over the place and haven't supplied any substantiating
| information."
|
| Anything in particular you were looking for?
|
| SBS 2000
| SAVCE 8.0
| Watchguard
|
| Here is my post from yesterday.

< event log entries snipped >

I pcked you up in the MS Security/Virus NG. The URLs posted are brokend and and don't see
viral activity from anything posted thus far.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Fredly
07-09-2005, 11:49 PM
Just ran another scan and she came up clean.

Last night, after running OK for 5+hrs, it came up these two in the app log
first. Then went on to it's slew of Exchange / GC errors. Same as the last
post.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 6/3/2005
Time: 7:33:11 PM
User: NT AUTHORITY\SYSTEM
Computer:x
Description:
Windows cannot establish a connection to x.local with (1364).

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 6/3/2005
Time: 7:33:11 PM
User: NT AUTHORITY\SYSTEM
Computer: x
Description:
Windows cannot query for the list of Group Policy objects . A message that
describes the reason for this was previously logged by this policy engine.

"Fredly" <abc@email.com> wrote in message
news:#ACpFIRaFHA.2884@tk2msftngp13.phx.gbl...
> The system can not log you on due to the following error. The network
> request is not supported.
>
> Seems to be a rash of this problem in the last few days. Several people
> reference a virus, worm or bot.
>
> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21439641....
>
> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21443828....
>
> I'm having trouble with exchange errors and then the system itself. I
too,
> ran into this one time a few weeks ago, then nothing until 6/1. Now it's
> every few hours, hard boot, happens again.
>
> We run SAVCE 8.0 and it's defs are up to date.
>
> I going in to fight with this today. Anybody here anything new? I saw
> someone already called MS. Any luck??
>
>

Frank McCallister SBS MVP
07-09-2005, 11:49 PM
Sorry you posted in SBS 2k3 group I assumed 2k3 not 2000. Yes 9 is
compatible, 10 is latest.

--
Frank McCallister SBS MVP
COMPUMAC
"Fredly" <abc@email.com> wrote in message
news:%23tNq70RaFHA.3400@tk2msftngp13.phx.gbl...
> Thanks Dave and Frank.
>
> Frank, SAVCE is compatible with SBS 2000. I'm not very impressed by 10 at
> this time. I'd stick with 9 until they iron it out...
>
> Dave, I'm looking for someone who is having this problem and has had some
> luck with it. Thank you for your response.
>
> "You posted all over the place and haven't supplied any substantiating
> information."
>
> Anything in particular you were looking for?
>
> SBS 2000
> SAVCE 8.0
> Watchguard
>
> Here is my post from yesterday.
>
> -----------------
>
> I've got an SBS 2000 server that keeps locking up. Users cannot use
> Outlook
> or shared folders.
>
> When you try and logon at the server locally (on the console) you get:
>
> "The system can not log you on due to the following error.
>
> The network request is not supported.
>
> Please try again or ..."
>
> We must hold in the power button and hard boot. Then it works for a
> while.
> Less and less time it seems.
>
> In the time I can get in after reboots this is what I'm seeing in the
> event
> log (app) prior to lock up. In no certain order:
>
> Event Type: Error
> Event Source: MSExchangeMTA
> Event Category: Directory Access
> Event ID: 155
> Date: 6/3/2005
> Time: 7:05:09 AM
> User: N/A
> Computer: x
> Description:
> Error 0X80004005 occurred while reading information for directory name
> (DN)
> CN=SMTP
> (x-{D968AE78-98D6-45FE-AE89-EB1F92726DBA}),CN=CONNECTIONS,CN=x,CN=MICROSOFT
> EXCHANGE,CN=SERVICES,CN=CONFIGURATION,DC=x,DC=LOCAL from the directory.
> [MTA
> OPERATOR 25 38] (12)
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
>
> Event Type: Error
> Event Source: MSExchangeIS Public Store
> Event Category: Replication Errors
> Event ID: 3079
> Date: 6/3/2005
> Time: 6:50:46 AM
> User: N/A
> Computer: x
> Description:
> Unexpected replication thread error 0x80004005 on database "First Storage
> Group\Public Folder Store (x)"
>
> FReplAgent
>
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
>
> Event Type: Warning
> Event Source: MSExchangeMU
> Event Category: General
> Event ID: 1040
> Date: 6/3/2005
> Time: 6:24:04 AM
> User: N/A
> Computer: x
> Description:
> Metabase Update failed replication 5 times with error 80004005
> (Unspecified
> error). Please change the diagnostic logging level of MSExchangeMU to
> 'minimum' or greater to find the source of the problem.
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
>
> Event Type: Error
> Event Source: MSExchangeSA
> Event Category: General
> Event ID: 9188
> Date: 6/3/2005
> Time: 6:17:37 AM
> User: N/A
> Computer: x
> Description:
> Microsoft Exchange System Attendant failed to read the membership of group
> 'cn=Exchange Domain Servers,cn=Users,dc=x,dc=local'. Error code
> '8007203b'.
>
> Please check whether the local computer is a member of the group. If it is
> not, stop all the Microsoft Exchange services, add the local computer into
> the group manually and restart all the services.
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
>
> Event Type: Error
> Event Source: Userenv
> Event Category: None
> Event ID: 1000
> Date: 6/3/2005
> Time: 6:07:04 AM
> User: NT AUTHORITY\SYSTEM
> Computer: x
> Description:
> Windows cannot determine the user or computer name. Return value (1747).
>
>
> Event Type: Error
> Event Source: MSExchangeIS Public Store
> Event Category: General
> Event ID: 7200
> Date: 6/3/2005
> Time: 6:03:00 AM
> User: N/A
> Computer: x
> Description:
> Background thread FDoUpdateCatalog halted on database "First Storage
> Group\Public Folder Store (x)" due to error code 0x80004005.
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
>
> Event Type: Error
> Event Source: MSExchangeDSAccess
> Event Category: Topology
> Event ID: 2103
> Date: 6/3/2005
> Time: 6:03:04 AM
> User: N/A
> Computer: x
> Description:
> Process MAD.EXE (PID=2748). All Global Catalog Servers in use are not
> responding:
> x.x.local
>
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
>
> Event Type: Error
> Event Source: MSExchangeSA
> Event Category: General
> Event ID: 9153
> Date: 6/3/2005
> Time: 8:33:37 AM
> User: N/A
> Computer: x
> Description:
> Microsoft Exchange System Attendant reported an error '0x8007203b' when
> setting DS notification.
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
> Event Type: Error
> Event Source: MSExchangeSA
> Event Category: RFR Interface
> Event ID: 9143
> Date: 6/3/2005
> Time: 8:35:19 AM
> User: N/A
> Computer: x
> Description:
> Referral Interface cannot contact any Global Catalog that supports the
> NSPI
> Service. Clients making RFR requests will fail to connect until a Global
> Catalog becomes available again. After a Domain Controller is promoted to
> a
> Global Catalog, it must be rebooted to support MAPI Clients.
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
> Event Type: Error
> Event Source: MSExchangeDSAccess
> Event Category: Topology
> Event ID: 2102
> Date: 6/3/2005
> Time: 8:00:34 AM
> User: N/A
> Computer: x
> Description:
> Process MAD.EXE (PID=2748). All Domain Controller Servers in use are not
> responding:
> x.x.local
>
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
>
>
>
>
> "Fredly" <abc@email.com> wrote in message
> news:#ACpFIRaFHA.2884@tk2msftngp13.phx.gbl...
>> The system can not log you on due to the following error. The network
>> request is not supported.
>>
>> Seems to be a rash of this problem in the last few days. Several people
>> reference a virus, worm or bot.
>>
>> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21439641....
>>
>> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21443828....
>>
>> I'm having trouble with exchange errors and then the system itself. I
> too,
>> ran into this one time a few weeks ago, then nothing until 6/1. Now it's
>> every few hours, hard boot, happens again.
>>
>> We run SAVCE 8.0 and it's defs are up to date.
>>
>> I going in to fight with this today. Anybody here anything new? I saw
>> someone already called MS. Any luck??
>>
>>
>
>

Fredly
07-09-2005, 11:49 PM
David-

Sorry for the broken links! This link thread says it all. Towards the end
there are two additional links that really nail it.

http://groups-beta.google.com/group/microsoft.public.win2000.networking/browse_thread/thread/27b69c439da224e2/803ce711ac10a3e0?q=%22the+system+can+not+log+you+on+due+to+the+following+error%22&rnum=3&hl=en#803ce711ac10a3e0

If that doesn't work try copying and pasting the line below into a google
groups search. This is the subject (not my post). It should come up 5th...

The network request is not supported - Help needed !!!

Thank you!


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:eQpT56RaFHA.1040@TK2MSFTNGP10.phx.gbl...
> From: "Fredly" <abc@email.com>
>
> | Thanks Dave and Frank.
> |
> | Frank, SAVCE is compatible with SBS 2000. I'm not very impressed by 10
at
> | this time. I'd stick with 9 until they iron it out...
> |
> | Dave, I'm looking for someone who is having this problem and has had
some
> | luck with it. Thank you for your response.
> |
> | "You posted all over the place and haven't supplied any substantiating
> | information."
> |
> | Anything in particular you were looking for?
> |
> | SBS 2000
> | SAVCE 8.0
> | Watchguard
> |
> | Here is my post from yesterday.
>
> < event log entries snipped >
>
> I pcked you up in the MS Security/Virus NG. The URLs posted are brokend
and and don't see
> viral activity from anything posted thus far.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

David H. Lipman
07-09-2005, 11:49 PM
From: "Fredly" <abc@email.com>

Run a scan using the McAfee Command Line Scanner to see if there is anthing SAV missed.

You can run it in Normal Mode if you like if you don't want to bring down the server.


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear


Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall
to allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


* * * Please report back your results * * *




--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Fredly
07-09-2005, 11:49 PM
Frank. You're right. My fault. Oops. I'm so used to posting to this SBS
group, I forgot it was a 2K3 group. I should have been specific. Duh.

"Frank McCallister SBS MVP" <anonymous> wrote in message
news:OHaxCCSaFHA.3808@TK2MSFTNGP14.phx.gbl...
> Sorry you posted in SBS 2k3 group I assumed 2k3 not 2000. Yes 9 is
> compatible, 10 is latest.
>
> --
> Frank McCallister SBS MVP
> COMPUMAC
> "Fredly" <abc@email.com> wrote in message
> news:%23tNq70RaFHA.3400@tk2msftngp13.phx.gbl...
> > Thanks Dave and Frank.
> >
> > Frank, SAVCE is compatible with SBS 2000. I'm not very impressed by 10
at
> > this time. I'd stick with 9 until they iron it out...
> >
> > Dave, I'm looking for someone who is having this problem and has had
some
> > luck with it. Thank you for your response.
> >
> > "You posted all over the place and haven't supplied any substantiating
> > information."
> >
> > Anything in particular you were looking for?
> >
> > SBS 2000
> > SAVCE 8.0
> > Watchguard
> >
> > Here is my post from yesterday.
> >
> > -----------------
> >
> > I've got an SBS 2000 server that keeps locking up. Users cannot use
> > Outlook
> > or shared folders.
> >
> > When you try and logon at the server locally (on the console) you get:
> >
> > "The system can not log you on due to the following error.
> >
> > The network request is not supported.
> >
> > Please try again or ..."
> >
> > We must hold in the power button and hard boot. Then it works for a
> > while.
> > Less and less time it seems.
> >
> > In the time I can get in after reboots this is what I'm seeing in the
> > event
> > log (app) prior to lock up. In no certain order:
> >
> > Event Type: Error
> > Event Source: MSExchangeMTA
> > Event Category: Directory Access
> > Event ID: 155
> > Date: 6/3/2005
> > Time: 7:05:09 AM
> > User: N/A
> > Computer: x
> > Description:
> > Error 0X80004005 occurred while reading information for directory name
> > (DN)
> > CN=SMTP
> >
(x-{D968AE78-98D6-45FE-AE89-EB1F92726DBA}),CN=CONNECTIONS,CN=x,CN=MICROSOFT
> > EXCHANGE,CN=SERVICES,CN=CONFIGURATION,DC=x,DC=LOCAL from the directory.
> > [MTA
> > OPERATOR 25 38] (12)
> >
> > For more information, click
http://www.microsoft.com/contentredirect.asp.
> >
> >
> > Event Type: Error
> > Event Source: MSExchangeIS Public Store
> > Event Category: Replication Errors
> > Event ID: 3079
> > Date: 6/3/2005
> > Time: 6:50:46 AM
> > User: N/A
> > Computer: x
> > Description:
> > Unexpected replication thread error 0x80004005 on database "First
Storage
> > Group\Public Folder Store (x)"
> >
> > FReplAgent
> >
> >
> > For more information, click
http://www.microsoft.com/contentredirect.asp.
> >
> >
> > Event Type: Warning
> > Event Source: MSExchangeMU
> > Event Category: General
> > Event ID: 1040
> > Date: 6/3/2005
> > Time: 6:24:04 AM
> > User: N/A
> > Computer: x
> > Description:
> > Metabase Update failed replication 5 times with error 80004005
> > (Unspecified
> > error). Please change the diagnostic logging level of MSExchangeMU to
> > 'minimum' or greater to find the source of the problem.
> >
> > For more information, click
http://www.microsoft.com/contentredirect.asp.
> >
> >
> > Event Type: Error
> > Event Source: MSExchangeSA
> > Event Category: General
> > Event ID: 9188
> > Date: 6/3/2005
> > Time: 6:17:37 AM
> > User: N/A
> > Computer: x
> > Description:
> > Microsoft Exchange System Attendant failed to read the membership of
group
> > 'cn=Exchange Domain Servers,cn=Users,dc=x,dc=local'. Error code
> > '8007203b'.
> >
> > Please check whether the local computer is a member of the group. If it
is
> > not, stop all the Microsoft Exchange services, add the local computer
into
> > the group manually and restart all the services.
> >
> > For more information, click
http://www.microsoft.com/contentredirect.asp.
> >
> >
> > Event Type: Error
> > Event Source: Userenv
> > Event Category: None
> > Event ID: 1000
> > Date: 6/3/2005
> > Time: 6:07:04 AM
> > User: NT AUTHORITY\SYSTEM
> > Computer: x
> > Description:
> > Windows cannot determine the user or computer name. Return value (1747).
> >
> >
> > Event Type: Error
> > Event Source: MSExchangeIS Public Store
> > Event Category: General
> > Event ID: 7200
> > Date: 6/3/2005
> > Time: 6:03:00 AM
> > User: N/A
> > Computer: x
> > Description:
> > Background thread FDoUpdateCatalog halted on database "First Storage
> > Group\Public Folder Store (x)" due to error code 0x80004005.
> >
> > For more information, click
http://www.microsoft.com/contentredirect.asp.
> >
> >
> > Event Type: Error
> > Event Source: MSExchangeDSAccess
> > Event Category: Topology
> > Event ID: 2103
> > Date: 6/3/2005
> > Time: 6:03:04 AM
> > User: N/A
> > Computer: x
> > Description:
> > Process MAD.EXE (PID=2748). All Global Catalog Servers in use are not
> > responding:
> > x.x.local
> >
> >
> > For more information, click
http://www.microsoft.com/contentredirect.asp.
> >
> >
> > Event Type: Error
> > Event Source: MSExchangeSA
> > Event Category: General
> > Event ID: 9153
> > Date: 6/3/2005
> > Time: 8:33:37 AM
> > User: N/A
> > Computer: x
> > Description:
> > Microsoft Exchange System Attendant reported an error '0x8007203b' when
> > setting DS notification.
> >
> > For more information, click
http://www.microsoft.com/contentredirect.asp.
> >
> > Event Type: Error
> > Event Source: MSExchangeSA
> > Event Category: RFR Interface
> > Event ID: 9143
> > Date: 6/3/2005
> > Time: 8:35:19 AM
> > User: N/A
> > Computer: x
> > Description:
> > Referral Interface cannot contact any Global Catalog that supports the
> > NSPI
> > Service. Clients making RFR requests will fail to connect until a Global
> > Catalog becomes available again. After a Domain Controller is promoted
to
> > a
> > Global Catalog, it must be rebooted to support MAPI Clients.
> >
> > For more information, click
http://www.microsoft.com/contentredirect.asp.
> >
> > Event Type: Error
> > Event Source: MSExchangeDSAccess
> > Event Category: Topology
> > Event ID: 2102
> > Date: 6/3/2005
> > Time: 8:00:34 AM
> > User: N/A
> > Computer: x
> > Description:
> > Process MAD.EXE (PID=2748). All Domain Controller Servers in use are not
> > responding:
> > x.x.local
> >
> >
> > For more information, click
http://www.microsoft.com/contentredirect.asp.
> >
> >
> >
> >
> >
> > "Fredly" <abc@email.com> wrote in message
> > news:#ACpFIRaFHA.2884@tk2msftngp13.phx.gbl...
> >> The system can not log you on due to the following error. The network
> >> request is not supported.
> >>
> >> Seems to be a rash of this problem in the last few days. Several
people
> >> reference a virus, worm or bot.
> >>
> >>
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21439641....
> >>
> >>
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21443828....
> >>
> >> I'm having trouble with exchange errors and then the system itself. I
> > too,
> >> ran into this one time a few weeks ago, then nothing until 6/1. Now
it's
> >> every few hours, hard boot, happens again.
> >>
> >> We run SAVCE 8.0 and it's defs are up to date.
> >>
> >> I going in to fight with this today. Anybody here anything new? I saw
> >> someone already called MS. Any luck??
> >>
> >>
> >
> >
>
>

David Copeland [MSFT]
07-09-2005, 11:49 PM
As a safety precaution can you put the internal nic on a hub by itself (or
at least shutdown all internal client machines/servers) and unplug the
external network cable and then reboot the server.. Does the
problem occur? If not, then can you configure the server (ISA/firewall) to
not allow any inbound traffic to the server (for example, disable inbound
packet filters, web publishing rules, and/or server publishing rules).. Then
plug in the external network cable and go to Windows Update and check to
see if you are missing any critical updates! And/or any other critical
updates. Might use something like MBSA to check the server as well.


--

Hope that helps,
David Copeland
Microsoft Small Business Server Support

This posting is provided "AS IS" with no warranties, and confers no rights.


SBS Newsgroups:

SBS v4.x: microsoft.public.backoffice.smallbiz
SBS 2000: microsoft.public.backoffice.smallbiz2000
SBS 2003: microsoft.public.windows.server.sbs

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:eT616FSaFHA.2124@TK2MSFTNGP14.phx.gbl...
> From: "Fredly" <abc@email.com>
>
> Run a scan using the McAfee Command Line Scanner to see if there is
> anthing SAV missed.
>
> You can run it in Normal Mode if you like if you don't want to bring down
> the server.
>
>
> Dump the contents of the IE Temporary Internet Folder cache (TIF)
> Start --> Settings --> Control Panel --> Internet Options --> Delete Files
>
> Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
> Tools --> Options --> Privacy --> Cache --> Clear
>
>
> Download CLEAN.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/clean.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script
> Interpreter
> { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart
> scripts, two Link
> (.lnk) files and a PDF instruction file.
>
> GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee
> Command Line
> Scanner. You may have to disable your FireWall or allow FTP.EXE to go
> through your FireWall
> to allow the FTP utility to download the needed files
>
> CLEAN.BAT -- For running within Windows after running
> c:\mcafee\GetFiles.BAT. If you choose
> to scan again at a future date, run this batch file. It will
> automatically check the date
> of the McAfee DAT files and if it is a couple of days old, it will
> download (FTP) the latest
> signature files and install them before performing the scan.
>
> DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is
> using FAT32 after
> you have booted from an Emergency Boot Disk or DOS disk and have already
> executed;
> c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be
> obtained from;
> http://www.bootdisk.com/bootdisk.htm
>
> I need you to perform the following...
>
> Execute; CLEAN.EXE
> Choose; Unzip
> Choose; Close
>
> Execute; c:\mcafee\GetFiles.BAT
> { or Double-click on 'GetFiles Link' in c:\mcafee }
>
> Reboot the PC into Safe Mode [F8 key during boot]
>
> Shutdown as many applications as possible !
> It would also help for you to read - "How to perform a clean boot in
> Windows XP"
> http://support.microsoft.com/kb/310353
>
> Execute; c:\mcafee\CLEAN.BAT
> { or Double-click on 'Clean Link' in c:\mcafee }
>
> A final report in HTML format called C:\mcafee\ScanReport.HTML will be
> generated. At the
> end of the scan, it will be displayed in your browser (Opera, FireFox or
> Internet Explorer).
> It is suggested that you move the report out of c:\mcafee before
> performing another scan.
> It would be a good idea to scan in Safe Mode and in Normal Mode and save a
> copy of the HTML
> report for each session.
>
>
> * * * Please report back your results * * *
>
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

Fredly
07-09-2005, 11:49 PM
Thank you David!

It takes a while for it to occur so I won't know soon. I did close port 80
on the watchguard firewall (it was pointing to the server). Just a hunch.
I was back a few patches.

I have red stop sign errors on Array Manager, Public, Exchange and Exadmin
in IIS.

I just saw this in my IIS log:

2005-06-04 00:29:37 67.183.3.221 - 10.0.0.2 80 GET / - 500 -
2005-06-04 05:41:28 67.116.70.34 - 10.0.0.2 80 GET /scripts/root.exe /c+dir
404 -
2005-06-04 05:41:28 67.116.70.34 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
403 -
2005-06-04 05:41:30 67.116.70.34 - 10.0.0.2 80 GET /c/winnt/system32/cmd.exe
/c+dir 404 -
2005-06-04 05:41:30 67.116.70.34 - 10.0.0.2 80 GET /d/winnt/system32/cmd.exe
/c+dir 404 -
2005-06-04 05:41:32 67.116.70.34 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-06-04 05:41:32 67.116.70.34 - 10.0.0.2 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-06-04 05:41:34 67.116.70.34 - 10.0.0.2 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2005-06-04 05:41:35 67.116.70.34 - 10.0.0.2 80 GET
/msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe
/c+dir 403 -
2005-06-04 05:41:35 67.116.70.34 - 10.0.0.2 80 GET
/scripts/..../winnt/system32/cmd.exe /c+dir 500 -
2005-06-04 05:41:37 67.116.70.34 - 10.0.0.2 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2005-06-04 05:41:37 67.116.70.34 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-06-04 05:41:39 67.116.70.34 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-06-04 05:41:39 67.116.70.34 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-06-04 05:41:41 67.116.70.34 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-06-04 05:41:42 67.116.70.34 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-06-04 05:41:42 67.116.70.34 - 10.0.0.2 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2005-06-04 06:14:05 67.167.141.247 - 10.0.0.2 80 GET / - 500 -

This from the other day:

2005-06-01 16:25:54 61.73.62.50 - 10.0.0.2 80 GET /forum/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-06-01 16:25:55 61.73.62.50 - 10.0.0.2 80 GET /phpBB/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-06-01 16:25:57 61.73.62.50 - 10.0.0.2 80 GET /iisstart.asp - 200
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-06-01 16:25:57 61.73.62.50 - 10.0.0.2 80 GET /forums/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-06-01 16:25:59 61.73.62.50 - 10.0.0.2 80 GET /phpbb/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-06-01 16:26:01 61.73.62.50 - 10.0.0.2 80 GET /board/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-06-01 16:26:02 61.73.62.50 - 10.0.0.2 80 GET /boards/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-06-01 16:26:04 61.73.62.50 - 10.0.0.2 80 GET /phpBB2/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-06-01 16:26:05 61.73.62.50 - 10.0.0.2 80 GET /msgboard/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-06-01 16:26:07 61.73.62.50 - 10.0.0.2 80 GET /foros/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-06-01 16:26:08 61.73.62.50 - 10.0.0.2 80 GET /portal/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)

This from the first time the server behaved this way:

2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET /scripts/root.exe
/c+dir 404 -
2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
403 -
2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
/msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe
/c+dir 403 -
2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 11:26:56 218.83.155.79 - 10.0.0.2 80 GET /iisstart.asp - 500 -
2005-05-09 14:10:16 10.0.0.2 - 10.0.0.2 80 OPTIONS / - 200
Microsoft-WebDAV-MiniRedir/5.1.2600
2005-05-09 14:14:39 10.0.0.2 - 10.0.0.2 80 PROPFIND /sysvol - 404
Microsoft-WebDAV-MiniRedir/5.1.26002005-05-09 03:27:26 67.163.230.186 -
10.0.0.2 80 GET /scripts/root.exe /c+dir 404 -
2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
403 -
2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
/msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe
/c+dir 403 -
2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2005-05-09 11:26:56 218.83.155.79 - 10.0.0.2 80 GET /iisstart.asp - 500 -
2005-05-09 14:10:16 10.0.0.2 - 10.0.0.2 80 OPTIONS / - 200
Microsoft-WebDAV-MiniRedir/5.1.2600
2005-05-09 14:14:39 10.0.0.2 - 10.0.0.2 80 PROPFIND /sysvol - 404
Microsoft-WebDAV-MiniRedir/5.1.2600


"David Copeland [MSFT]" <davidcop@online.microsoft.com> wrote in message
news:Oqwpj3SaFHA.2884@tk2msftngp13.phx.gbl...
>
> As a safety precaution can you put the internal nic on a hub by itself (or
> at least shutdown all internal client machines/servers) and unplug the
> external network cable and then reboot the server.. Does the
> problem occur? If not, then can you configure the server (ISA/firewall)
to
> not allow any inbound traffic to the server (for example, disable inbound
> packet filters, web publishing rules, and/or server publishing rules)..
Then
> plug in the external network cable and go to Windows Update and check to
> see if you are missing any critical updates! And/or any other critical
> updates. Might use something like MBSA to check the server as well.
>
>
> --
>
> Hope that helps,
> David Copeland
> Microsoft Small Business Server Support
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> SBS Newsgroups:
>
> SBS v4.x: microsoft.public.backoffice.smallbiz
> SBS 2000: microsoft.public.backoffice.smallbiz2000
> SBS 2003: microsoft.public.windows.server.sbs
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:eT616FSaFHA.2124@TK2MSFTNGP14.phx.gbl...
> > From: "Fredly" <abc@email.com>
> >
> > Run a scan using the McAfee Command Line Scanner to see if there is
> > anthing SAV missed.
> >
> > You can run it in Normal Mode if you like if you don't want to bring
down
> > the server.
> >
> >
> > Dump the contents of the IE Temporary Internet Folder cache (TIF)
> > Start --> Settings --> Control Panel --> Internet Options --> Delete
Files
> >
> > Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
> > Tools --> Options --> Privacy --> Cache --> Clear
> >
> >
> > Download CLEAN.EXE from the URL --
> > http://www.ik-cs.com/programs/virtools/clean.exe
> >
> > It is a self-extracting ZIP file that contains the Kixtart Script
> > Interpreter
> > { http://kixtart.org Kixtart is CareWare } three batch files, two
Kixtart
> > scripts, two Link
> > (.lnk) files and a PDF instruction file.
> >
> > GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee
> > Command Line
> > Scanner. You may have to disable your FireWall or allow FTP.EXE to go
> > through your FireWall
> > to allow the FTP utility to download the needed files
> >
> > CLEAN.BAT -- For running within Windows after running
> > c:\mcafee\GetFiles.BAT. If you choose
> > to scan again at a future date, run this batch file. It will
> > automatically check the date
> > of the McAfee DAT files and if it is a couple of days old, it will
> > download (FTP) the latest
> > signature files and install them before performing the scan.
> >
> > DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is
> > using FAT32 after
> > you have booted from an Emergency Boot Disk or DOS disk and have already
> > executed;
> > c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be
> > obtained from;
> > http://www.bootdisk.com/bootdisk.htm
> >
> > I need you to perform the following...
> >
> > Execute; CLEAN.EXE
> > Choose; Unzip
> > Choose; Close
> >
> > Execute; c:\mcafee\GetFiles.BAT
> > { or Double-click on 'GetFiles Link' in c:\mcafee }
> >
> > Reboot the PC into Safe Mode [F8 key during boot]
> >
> > Shutdown as many applications as possible !
> > It would also help for you to read - "How to perform a clean boot in
> > Windows XP"
> > http://support.microsoft.com/kb/310353
> >
> > Execute; c:\mcafee\CLEAN.BAT
> > { or Double-click on 'Clean Link' in c:\mcafee }
> >
> > A final report in HTML format called C:\mcafee\ScanReport.HTML will be
> > generated. At the
> > end of the scan, it will be displayed in your browser (Opera, FireFox or
> > Internet Explorer).
> > It is suggested that you move the report out of c:\mcafee before
> > performing another scan.
> > It would be a good idea to scan in Safe Mode and in Normal Mode and save
a
> > copy of the HTML
> > report for each session.
> >
> >
> > * * * Please report back your results * * *
> >
> >
> >
> >
> > --
> > Dave
> > http://www.claymania.com/removal-trojan-adware.html
> > http://www.ik-cs.com/got-a-virus.htm
> >
> >
>
>

Fredly
07-09-2005, 11:49 PM
More IIS logs

2005-05-15 10:20:09 67.181.18.143 - 10.0.0.2 80 GET /scripts/root.exe /c+dir
404 -
2005-05-15 10:20:09 67.181.18.143 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
403 -
2005-05-15 10:20:10 67.181.18.143 - 10.0.0.2 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2005-05-15 10:20:10 67.181.18.143 - 10.0.0.2 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2005-05-15 10:20:11 67.181.18.143 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 10:20:11 67.181.18.143 - 10.0.0.2 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 10:20:11 67.181.18.143 - 10.0.0.2 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2005-05-15 10:20:12 67.181.18.143 - 10.0.0.2 80 GET
/msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe
/c+dir 403 -
2005-05-15 10:20:12 67.181.18.143 - 10.0.0.2 80 GET
/scripts/..../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 10:20:13 67.181.18.143 - 10.0.0.2 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2005-05-15 10:20:13 67.181.18.143 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-05-15 10:20:15 67.181.18.143 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-05-15 10:20:15 67.181.18.143 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 10:20:15 67.181.18.143 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 10:20:16 67.181.18.143 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 10:20:16 67.181.18.143 - 10.0.0.2 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 11:47:46 67.188.237.215 - 10.0.0.2 80 GET /scripts/root.exe
/c+dir 404 -
2005-05-15 11:47:46 67.188.237.215 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
403 -
2005-05-15 11:47:46 67.188.237.215 - 10.0.0.2 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2005-05-15 11:47:46 67.188.237.215 - 10.0.0.2 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2005-05-15 11:47:47 67.188.237.215 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 11:47:47 67.188.237.215 - 10.0.0.2 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 11:47:47 67.188.237.215 - 10.0.0.2 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2005-05-15 11:47:47 67.188.237.215 - 10.0.0.2 80 GET
/msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe
/c+dir 403 -
2005-05-15 11:47:48 67.188.237.215 - 10.0.0.2 80 GET
/scripts/..../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 11:47:48 67.188.237.215 - 10.0.0.2 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2005-05-15 11:47:48 67.188.237.215 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-05-15 11:47:48 67.188.237.215 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-05-15 11:47:49 67.188.237.215 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 11:47:49 67.188.237.215 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 11:47:49 67.188.237.215 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 11:47:49 67.188.237.215 - 10.0.0.2 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2005-05-15 13:43:51 218.83.155.79 - 10.0.0.2 80 GET /default.shtml
<B>Failed+to+process+SSI+file+'/default.shtml'</B><BR>++ 200 -

2005-05-23 03:11:29 67.174.115.120 - 10.0.0.2 80 GET /scripts/root.exe
/c+dir 404 -
2005-05-23 03:11:29 67.174.115.120 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
403 -
2005-05-23 03:11:31 67.174.115.120 - 10.0.0.2 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2005-05-23 03:11:31 67.174.115.120 - 10.0.0.2 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2005-05-23 03:11:32 67.174.115.120 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-23 03:11:32 67.174.115.120 - 10.0.0.2 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-23 03:11:32 67.174.115.120 - 10.0.0.2 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2005-05-23 03:11:33 67.174.115.120 - 10.0.0.2 80 GET
/msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe
/c+dir 403 -
2005-05-23 03:11:33 67.174.115.120 - 10.0.0.2 80 GET
/scripts/..../winnt/system32/cmd.exe /c+dir 500 -
2005-05-23 03:11:33 67.174.115.120 - 10.0.0.2 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2005-05-23 03:11:34 67.174.115.120 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-05-23 03:11:34 67.174.115.120 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
/c+dir 404 -
2005-05-23 03:11:35 67.174.115.120 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-23 03:11:35 67.174.115.120 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-23 03:11:35 67.174.115.120 - 10.0.0.2 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-05-23 03:11:35 67.174.115.120 - 10.0.0.2 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2005-05-23 06:56:33 201.7.175.11 - 10.0.0.2 80 GET /forum/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:33 201.7.175.11 - 10.0.0.2 80 GET /phpBB/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:38 201.7.175.11 - 10.0.0.2 80 GET /iisstart.asp - 200
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:38 201.7.175.11 - 10.0.0.2 80 GET /forums/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:40 201.7.175.11 - 10.0.0.2 80 GET /phpbb/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:40 201.7.175.11 - 10.0.0.2 80 GET /board/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:45 201.7.175.11 - 10.0.0.2 80 GET /boards/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:45 201.7.175.11 - 10.0.0.2 80 GET /phpBB2/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:49 201.7.175.11 - 10.0.0.2 80 GET /msgboard/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:53 201.7.175.11 - 10.0.0.2 80 GET /foros/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:53 201.7.175.11 - 10.0.0.2 80 GET /portal/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:56:57 201.7.175.11 - 10.0.0.2 80 GET /chat/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:00 201.7.175.11 - 10.0.0.2 80 GET /phpBB1/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:03 201.7.175.11 - 10.0.0.2 80 GET /phpBB3/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:03 201.7.175.11 - 10.0.0.2 80 GET /phpBB4/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:07 201.7.175.11 - 10.0.0.2 80 GET /phpBB5/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:07 201.7.175.11 - 10.0.0.2 80 GET /forum1/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:16 201.7.175.11 - 10.0.0.2 80 GET /forum2/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:16 201.7.175.11 - 10.0.0.2 80 GET /forum4/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:20 201.7.175.11 - 10.0.0.2 80 GET /forum3/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:24 201.7.175.11 - 10.0.0.2 80 GET /foros/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:24 201.7.175.11 - 10.0.0.2 80 GET /msgboard/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:29 201.7.175.11 - 10.0.0.2 80 GET /boards/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:29 201.7.175.11 - 10.0.0.2 80 GET /comunity/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:30 201.7.175.11 - 10.0.0.2 80 GET /portal/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:34 201.7.175.11 - 10.0.0.2 80 GET /discussion/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:34 201.7.175.11 - 10.0.0.2 80 GET /education/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:36 201.7.175.11 - 10.0.0.2 80 GET /html/forum/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:40 201.7.175.11 - 10.0.0.2 80 GET /html/forums/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:40 201.7.175.11 - 10.0.0.2 80 GET /Forum/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:41 201.7.175.11 - 10.0.0.2 80 GET /Forums/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:41 201.7.175.11 - 10.0.0.2 80 GET /bb/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:45 201.7.175.11 - 10.0.0.2 80 GET /ugboard/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:45 201.7.175.11 - 10.0.0.2 80 GET /ugboards/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:53 201.7.175.11 - 10.0.0.2 80 GET /newboard/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:57 201.7.175.11 - 10.0.0.2 80 GET /newboards/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:57 201.7.175.11 - 10.0.0.2 80 GET /members/phpBB/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:58 201.7.175.11 - 10.0.0.2 80 GET /members/phpBB2/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:57:58 201.7.175.11 - 10.0.0.2 80 GET /members/phpbb/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:58:03 201.7.175.11 - 10.0.0.2 80 GET /portal/forum/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 06:58:03 201.7.175.11 - 10.0.0.2 80 GET /portal/forums/ - 404
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
2005-05-23 13:44:07 67.104.84.66 - 10.0.0.2 80 GET /NULL.printer - 501 -
2005-05-23 13:44:07 67.104.84.66 - 10.0.0.2 80 GET /NULL.printer - 501 -

2005-05-24 09:34:03 218.2.240.36 - 10.0.0.2 80 GET
/x/maxwell/cgi-bin/prxjdg.cgi - 404
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0)

2005-05-27 07:35:32 68.55.175.241 - 10.0.0.2 80 GET
/cgi-bin/awstats/awstats.pl configdir=|%20id%20| 404
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 07:35:34 68.55.175.241 - 10.0.0.2 80 GET /cgi-bin/awstats.pl
configdir=|%20id%20| 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 07:35:36 68.55.175.241 - 10.0.0.2 80 GET /cgi/awstats.pl
configdir=|%20id%20| 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 07:35:38 68.55.175.241 - 10.0.0.2 80 GET /iisstart.asp - 200
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 23:03:31 62.128.195.149 - 10.0.0.2 80 GET
/cgi-bin/awstats/awstats.pl - 404
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 23:03:31 62.128.195.149 - 10.0.0.2 80 GET /cgi-bin/awstats.pl -
404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 23:03:32 62.128.195.149 - 10.0.0.2 80 GET /cgi/awstats.pl - 404
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 23:03:32 62.128.195.149 - 10.0.0.2 80 GET /awstats/awstats.pl -
404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 23:03:33 62.128.195.149 - 10.0.0.2 80 GET
/cgi-bin/stats/awstats.pl - 404
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 23:03:33 62.128.195.149 - 10.0.0.2 80 GET /stats/awstats.pl - 404
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 23:03:35 62.128.195.149 - 10.0.0.2 80 GET /awstats.pl - 404
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2005-05-27 23:03:35 62.128.195.149 - 10.0.0.2 80 GET /cgi/stats/awstats.pl -
404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)

"David Copeland [MSFT]" <davidcop@online.microsoft.com> wrote in message
news:Oqwpj3SaFHA.2884@tk2msftngp13.phx.gbl...
>
> As a safety precaution can you put the internal nic on a hub by itself (or
> at least shutdown all internal client machines/servers) and unplug the
> external network cable and then reboot the server.. Does the
> problem occur? If not, then can you configure the server (ISA/firewall)
to
> not allow any inbound traffic to the server (for example, disable inbound
> packet filters, web publishing rules, and/or server publishing rules)..
Then
> plug in the external network cable and go to Windows Update and check to
> see if you are missing any critical updates! And/or any other critical
> updates. Might use something like MBSA to check the server as well.
>
>
> --
>
> Hope that helps,
> David Copeland
> Microsoft Small Business Server Support
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> SBS Newsgroups:
>
> SBS v4.x: microsoft.public.backoffice.smallbiz
> SBS 2000: microsoft.public.backoffice.smallbiz2000
> SBS 2003: microsoft.public.windows.server.sbs
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:eT616FSaFHA.2124@TK2MSFTNGP14.phx.gbl...
> > From: "Fredly" <abc@email.com>
> >
> > Run a scan using the McAfee Command Line Scanner to see if there is
> > anthing SAV missed.
> >
> > You can run it in Normal Mode if you like if you don't want to bring
down
> > the server.
> >
> >
> > Dump the contents of the IE Temporary Internet Folder cache (TIF)
> > Start --> Settings --> Control Panel --> Internet Options --> Delete
Files
> >
> > Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
> > Tools --> Options --> Privacy --> Cache --> Clear
> >
> >
> > Download CLEAN.EXE from the URL --
> > http://www.ik-cs.com/programs/virtools/clean.exe
> >
> > It is a self-extracting ZIP file that contains the Kixtart Script
> > Interpreter
> > { http://kixtart.org Kixtart is CareWare } three batch files, two
Kixtart
> > scripts, two Link
> > (.lnk) files and a PDF instruction file.
> >
> > GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee
> > Command Line
> > Scanner. You may have to disable your FireWall or allow FTP.EXE to go
> > through your FireWall
> > to allow the FTP utility to download the needed files
> >
> > CLEAN.BAT -- For running within Windows after running
> > c:\mcafee\GetFiles.BAT. If you choose
> > to scan again at a future date, run this batch file. It will
> > automatically check the date
> > of the McAfee DAT files and if it is a couple of days old, it will
> > download (FTP) the latest
> > signature files and install them before performing the scan.
> >
> > DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is
> > using FAT32 after
> > you have booted from an Emergency Boot Disk or DOS disk and have already
> > executed;
> > c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be
> > obtained from;
> > http://www.bootdisk.com/bootdisk.htm
> >
> > I need you to perform the following...
> >
> > Execute; CLEAN.EXE
> > Choose; Unzip
> > Choose; Close
> >
> > Execute; c:\mcafee\GetFiles.BAT
> > { or Double-click on 'GetFiles Link' in c:\mcafee }
> >
> > Reboot the PC into Safe Mode [F8 key during boot]
> >
> > Shutdown as many applications as possible !
> > It would also help for you to read - "How to perform a clean boot in
> > Windows XP"
> > http://support.microsoft.com/kb/310353
> >
> > Execute; c:\mcafee\CLEAN.BAT
> > { or Double-click on 'Clean Link' in c:\mcafee }
> >
> > A final report in HTML format called C:\mcafee\ScanReport.HTML will be
> > generated. At the
> > end of the scan, it will be displayed in your browser (Opera, FireFox or
> > Internet Explorer).
> > It is suggested that you move the report out of c:\mcafee before
> > performing another scan.
> > It would be a good idea to scan in Safe Mode and in Normal Mode and save
a
> > copy of the HTML
> > report for each session.
> >
> >
> > * * * Please report back your results * * *
> >
> >
> >
> >
> > --
> > Dave
> > http://www.claymania.com/removal-trojan-adware.html
> > http://www.ik-cs.com/got-a-virus.htm
> >
> >
>
>

Fredly
07-09-2005, 11:49 PM
So far so good since blocking port 80 and running patches...



"Fredly" <abc@email.com> wrote in message
news:#ACpFIRaFHA.2884@tk2msftngp13.phx.gbl...
> The system can not log you on due to the following error. The network
> request is not supported.
>
> Seems to be a rash of this problem in the last few days. Several people
> reference a virus, worm or bot.
>
> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21439641....
>
> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21443828....
>
> I'm having trouble with exchange errors and then the system itself. I
too,
> ran into this one time a few weeks ago, then nothing until 6/1. Now it's
> every few hours, hard boot, happens again.
>
> We run SAVCE 8.0 and it's defs are up to date.
>
> I going in to fight with this today. Anybody here anything new? I saw
> someone already called MS. Any luck??
>
>


The system can not log you on due to the following error. The network request is not supported.