Re: Unexpected shutdowns!

From: mosquito_hippy (mosquitohippy_at_discussions.microsoft.com)
Date: 05/11/05


Date: Wed, 11 May 2005 07:56:13 -0700

This is weird, i have a pc which is having "unexpected shutdowns", i guessed
that would be a hardware related problem but i did take notice of an event on
that machine, it reports an 4356 event something about COM+, well, i started
a search for this event and i found this messages.

Even so i haven't found nothing related in this thread to that event could
you explainme how is i hit this messages through the search?

"Steven L Umbach" wrote:

> I agree with Chris. You could try and track down what is going on with free
> tools such as these from SysInternals including TCPView, Process Explorer,
> Autoruns, Rootkit Revealer, etc but your best bet is to consider a clean
> install from a formatted system drive. Such an approach often saves time in
> the long run as often users spend days or weeks trying to avoid a reinstall
> that may take half a day or less and the hacker may be monitoring the
> network the whole time capturing sensitive data. However unless you take
> steps to prevent such a hack attack again you may suffer the same fate again
> over and over. You need to make sure the system and network is hardened
> which at minimum means a properly configured firewall that does not use
> default configuration password, enable auditing of logon events, physical
> security, security update patching, antivirus that stays updated and scans
> all emails, disabling unneeded services, Internet Explorer hardening, and
> enforcing complex passwords. The free Microsoft Baseline Security Analyzer
> can help check your computers for basic vulnerabilities. The links below may
> help. --- Steve
>
> http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
> http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx --
> Small Business security guidance
> http://www.microsoft.com/technet/security/topics/serversecurity/avdind_0.mspx
> -- Anti Virus in Depth Defense guide. Excellent reading.
> http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/default.mspx
> --- W2K Security Hardening Guide
> http://www.microsoft.com/technet/Security/topics/serversecurity.mspx ---
> Technet Security
> http://www.sysinternals.com/ --- SysInternals
>
> "steve" <annakornakova@usta.com> wrote in message
> news:4EB76293-9326-4356-A890-F06AD7BCB56C@microsoft.com...
> >I recently noticed that an unauthorized hacker accessed my win2000 server.
> > Now I am experiencing system shutdowns at least once a day. Power is
> > still
> > on, but the system is shut down including the nic card. There is not
> > hibernate or standby available on this computer. All critcal updates
> > were
> > current before the time of attack last week. My event viewer indicates
> > the
> > times of the unexpected system shutdowns. Side note: since I have screen
> > lock on the power is not completing shutting off at those times.
> >
> > Questions: Is it possible that a remote shutdown program could have been
> > installed by the hacker? Can I remove it with out having to reinstall
> > the
> > O/S?
> > Thanks in advance,
> > Steve
> >
> >
>
>
>



Relevant Pages

  • RE: [Full-Disclosure] Insecurity in Finnish parlament (computers)
    ... > It is unlikely that all the computers have the same security ... > (both in TeliaSonera and in our parlament). ... Red herring. ...
    (Full-Disclosure)
  • Re: Basic Security Help
    ... a network is weak or no passwords followed by malicious user on your ... -- Use password policy to enforce strong passwords in the domain by enabling ... -- Be sure that computers are kept current of critical security updates from ... Windows Updates or using a SUS server to authorize and distribute security ...
    (microsoft.public.security)
  • RE: Why Easy To Use Software Is Putting You At Risk
    ... Can Easy To Use Software Also Be Secure ... Anyone who has been working with computers for a long time will have noticed ... because DNS does not configure properly or security permissions are relaxed ... guarantee that no one really knows for sure, not even Microsoft developers. ...
    (Security-Basics)
  • Re: Is complete home security possible?
    ... > If you are a gamer, some computer games will only run in administrator ... I have a clean disk image made from Norton Ghost, ... security issues to deal with to do it monthly, ... I have been using computers since 76, never had a virus on any of my ...
    (comp.security.firewalls)
  • Re: Basic Security Help
    ... > a network is weak or no passwords followed by malicious user on your ... Be sure to educate users of any pending changes to password policy ... > Windows Updates or using a SUS server to authorize and distribute security ... > network including how to isolate and repair infected computers. ...
    (microsoft.public.security)