Re: ntoskrnl.exe issue

From: Chuq Yang (chuq@bigfoot.com)
Date: 08/30/01


Date: Thu, 30 Aug 2001 10:43:40 -0700 (PDT)
From: Chuq Yang <chuq@bigfoot.com>
To: <incidents@securityfocus.com>
Subject: Re: ntoskrnl.exe issue
Message-ID: <Pine.LNX.4.33L2.0108301038490.6708-100000@grace.speakeasy.net>

We had this happen to a laptop of ours that was running W2K Advanced Server
(don't ask me why it was running server ;), and upon installing the security
patch for Code Red, we got the same ntoskrnl error. What we did to rectify this
was start the install process of W2K again (I'm assuming that the SBS version
will work as well), and select the *repair* entry. This is what I did, but it
was not a production system, and it worked, so be aware that if you do choose to
take this route, you may lose your data. (Hint: It's probably an issue with the
boot.ini file in the root of your C: drive.)

Chuq
chuq@speakeasy.net

On Thu, 30 Aug 2001, R M wrote:

> All
>
> We have a W2K Small Business Server installed with Exchange 2000, IE 5.5,
> ISA 2000 [acting as a proxy server + packet filter], WebShield & NetShield
> 4.5.
>
> The ISA packet filter was configured to permit outbound HTTP and two-way
> SMTP traffic. 2 of our servers crashed yesterday afternoon and we are now
> receiving error messages saying that ntoskrnl.exe is missing or corrupt.
>
> This is odd considering the two servers went down at similar times in two
> different remote locations.
>
> The anti-virus software was bang up-to-date with the latest engine and DAT
> files but I still think this may be some sort of vulnerability - can anyone
> help please?
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com