Re: ntoskrnl.exe issue

From: Chuq Yang (chuq@bigfoot.com)
Date: 08/30/01


Date: Thu, 30 Aug 2001 10:43:40 -0700 (PDT)
From: Chuq Yang <chuq@bigfoot.com>
To: <incidents@securityfocus.com>
Subject: Re: ntoskrnl.exe issue
Message-ID: <Pine.LNX.4.33L2.0108301038490.6708-100000@grace.speakeasy.net>

We had this happen to a laptop of ours, that was running W2K Advanced server
(don't ask me why it was running server ;), and upon installing the security
patch for Code Red, we got the same ntoskrnl error. What we did to rectify this
was start the install process of W2K again (I'm assuming that the SBS version
will work as well), and select the *repair* entry. This is what I did, but it
was not a production system, and it worked, so be aware that if you do choose to
take this route, you may lose your data. (Hint: It's probably an issue with the
boot.ini file in the root of your C: drive.)

Chuq
chuq@speakeasy.net

On Thu, 30 Aug 2001, R M wrote:

> All
>
> We have a w2k small business server installed with Exchange 2000, ie 5.5,
> ISA 2000 [acting as a proxy server + packet filter], webshield & netshield
> 4.5.
>
> The ISA packet filter was configured to permit outbound http and two way
> smtp traffic. 2 of our servers crashed yesterday afternoon and we are now
> receiving error messages about the ntoskrnl.exe is missing or corrupt.
>
> This is odd considering the two servers went down at similar times in two
> different remote locations.
>
> The anti-virus software was bang up-to-date with the latest engine and dat
> files but I still think this may be some sort of vulnerability - can any one
> help please?
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com