Re: Unexpected shutdowns!
From: mosquito_hippy (mosquitohippy_at_discussions.microsoft.com)
Date: Wed, 11 May 2005 07:56:13 -0700
This is weird, i have a pc which is having "unexpected shutdowns", i guessed
that would be a hardware related problem but i did take notice of an event on
that machine, it reports an 4356 event something about COM+, well, i started
a search for this event and i found this messages.
Even so i haven't found nothing related in this thread to that event could
you explainme how is i hit this messages through the search?
"Steven L Umbach" wrote:
> I agree with Chris. You could try and track down what is going on with free
> tools such as these from SysInternals including TCPView, Process Explorer,
> Autoruns, Rootkit Revealer, etc but your best bet is to consider a clean
> install from a formatted system drive. Such an approach often saves time in
> the long run as often users spend days or weeks trying to avoid a reinstall
> that may take half a day or less and the hacker may be monitoring the
> network the whole time capturing sensitive data. However unless you take
> steps to prevent such a hack attack again you may suffer the same fate again
> over and over. You need to make sure the system and network is hardened
> which at minimum means a properly configured firewall that does not use
> default configuration password, enable auditing of logon events, physical
> security, security update patching, antivirus that stays updated and scans
> all emails, disabling unneeded services, Internet Explorer hardening, and
> enforcing complex passwords. The free Microsoft Baseline Security Analyzer
> can help check your computers for basic vulnerabilities. The links below may
> help. --- Steve
> http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
> http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx --
> Small Business security guidance
> -- Anti Virus in Depth Defense guide. Excellent reading.
> --- W2K Security Hardening Guide
> http://www.microsoft.com/technet/Security/topics/serversecurity.mspx ---
> Technet Security
> http://www.sysinternals.com/ --- SysInternals
> "steve" <firstname.lastname@example.org> wrote in message
> >I recently noticed that an unauthorized hacker accessed my win2000 server.
> > Now I am experiencing system shutdowns at least once a day. Power is
> > still
> > on, but the system is shut down including the nic card. There is not
> > hibernate or standby available on this computer. All critcal updates
> > were
> > current before the time of attack last week. My event viewer indicates
> > the
> > times of the unexpected system shutdowns. Side note: since I have screen
> > lock on the power is not completing shutting off at those times.
> > Questions: Is it possible that a remote shutdown program could have been
> > installed by the hacker? Can I remove it with out having to reinstall
> > the
> > O/S?
> > Thanks in advance,
> > Steve