OT: Windows Disaster Time

Jim Thompson wrote:
On Thu, 21 Jul 2005 22:49:00 GMT, Joerg
<notthisjoergsch@removethispacbell.net> wrote:

The reason I am thinking a re-install may be in the cards is that you
mentioned that Explorer crashes the system.


I've verified that Windows Explorer is indeed the culprit.

Did your test distinguish between the Windows Explorer file, and the new
icon and whatever file it references?
 
...it reflects the fact that IIS is free whereas Apache isn't
Joel Kolstad

Got that backwards.
..
..
OK, ok, I don't REALLY know that IIS is inherently more secure than Apache,

If you have some time, the stats are available. :cool:
http://www.google.com/search?q=site:us-cert.gov+Exploits+Apache+OR+BIND+-filetype:pdf+intitle:Summary-of-Security&filter=0

Remember Vulnerability Note VU#713878 ?
http://www.google.com/search?&q=internet-explorer+june+2004+CERT
It was even covered by the national corporate [1] news media.
Some even pointed out **gasp** that it only affected *Microsoft
Windows*.

The advisory dealt with a flaw in MSIE
that combined with a flaw in IIS to make for a real mess.


[1] Notice that I didn't say "mainstream".
 
In message <9g40e11ogm9u6vkg8rrhu9u7lspkavc2bu@4ax.com>, Jim Thompson
<thegreatone@example.com> writes
I've got a blue screen issue...
So I get an error message, "Explorer (no surprise) has committed an
illegal" something or other, then I get a blue screen.

Turns out the machine still "talks", I'm running this message right
now by loading Agent using Task Manager.
If you can run Forte agent with task manager have you tried starting
Explorer again?
OS is Win2K.

Any ideas on how to fix?
Put the drive in another machine, make a complete backup of it, put it
back where it came from, then, from the task manager, run the last
service pack you installed (SP4 I hope unless you're running SQL
Personal). Providing this brings the machine back, you need to re-apply
all the hotfixes and scan the drives for errors.
No smart-ass remarks about Linux, PLEASE ;-)
None.
...Jim Thompson
--
Clint Sharp
 
"JeffM" <jeffm_@email.com> wrote in message
news:1122057247.699163.90880@g43g2000cwa.googlegroups.com...
Joel Kolstad
...it reflects the fact that IIS is free whereas Apache isn't
Got that backwards.
Sorry, my bad.

Remember Vulnerability Note VU#713878 ?
http://www.google.com/search?&q=internet-explorer+june+2004+CERT
It was even covered by the national corporate [1] news media.
Some even pointed out **gasp** that it only affected *Microsoft
Windows*.
Is that the one where Microsoft had security patches out roughly a month
before the attacks started showing up, but of course many systems were
vulnerable because the system administrators hadn't bothered to apply them?

I suppose I would give you that you have to be _much_ more diligent about
security when running a Windows system than a *NIX system, in much the same
way that someone with a really fancy car needs to be a lot more diligent about
security than someone driving a clunker. (Not to imply that Apache is a
clunker, just that it's not as attractive to criminals as IIS.)

---Joel
 
On Fri, 22 Jul 2005 08:41:52 -0700, Joel Kolstad wrote:

I'd say it reflects the fact that IIS is free whereas Apache isn't,
Isn't that the other way round?

--
"Electricity is of two kinds, positive and negative. The difference
is, I presume, that one comes a little more expensive, but is more
durable; the other is a cheaper thing, but the moths get into it."
(Stephen Leacock)
 
On 21 Jul 2005 22:08:40 -0700, "Glenn Gundlach" <stratus46@yahoo.com>
wrote:

snip
Yep, I can boot into safe mode, but what will that buy me?

...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice:(480)460-2350 | |
| E-mail Address at Website Fax:(480)460-2142 | Brass Rat |
| http://www.analog-innovations.com | 1962 |

I love to cook with wine. Sometimes I even put it in the food.


In Safe Mode I'm getting the same blank screen as in normal mode, yet
I can load any program via Task Manager.

...Jim Thompson

In Win XP there is 'SFC' System File Checker. I heard this from Leo
LaPorte's radio show. <sfc/scannow> checks system files and repairs as
needed. I just checked the Microsoft site and it does exist for Win 2K.
They also say it may overwrite hotfixes. But, it might restore the
broken explorer. Good luck.
GG
Is this built into Win2K or do I need to download it from somewhere?

...Jim Thompson
 
On Fri, 22 Jul 2005 20:19:23 +0100, Clint Sharp
<clint@clintsmc.demon.co.uk> wrote:

In message <9g40e11ogm9u6vkg8rrhu9u7lspkavc2bu@4ax.com>, Jim Thompson
<thegreatone@example.com> writes
I've got a blue screen issue...
So I get an error message, "Explorer (no surprise) has committed an
illegal" something or other, then I get a blue screen.

Turns out the machine still "talks", I'm running this message right
now by loading Agent using Task Manager.
If you can run Forte agent with task manager have you tried starting
Explorer again?
Yes, and it still gives the same error, "Explorer.exe error:
Instruction at location 0x.... can't read memory at 0x0000000" <- all
zeroes

OS is Win2K.

Any ideas on how to fix?
Put the drive in another machine, make a complete backup of it, put it
back where it came from, then, from the task manager, run the last
service pack you installed (SP4 I hope unless you're running SQL
Personal). Providing this brings the machine back, you need to re-apply
all the hotfixes and scan the drives for errors.

No smart-ass remarks about Linux, PLEASE ;-)
None.
...Jim Thompson

...Jim Thompson
 
Put the drive in another machine, make a complete backup of it
Clint Sharp
Understand that this is NOT *cloning* the drive.
The Registry (as well as M$-finagled pseudo-files) get left behind.

You may as well not bother to copy most of the contents
--just data directories.

Ghost, Aloha Bob, PC Relocator, etc. can make an image of the disk
INCLUDING Windoze stuff that a COPY operation won't.
 
I suppose I would give you that you have to be _much_ more diligent
about security when running a Windows system than a *NIX system,
in much the same way that someone with a really fancy car
needs to be a lot more diligent about security
than someone driving a clunker.
(Not to imply that Apache is a clunker,
just that it's not as attractive to criminals as IIS.)
Joel Kolstad
Ah, and here we can mention
the old *Security through obscurity* chestnut.
Apache vs IIS is the **classic** example.[1]

You would think that with 70% of the market,
Apache WOULD be an attractive target.

It's NOT because Apache is far more secure BY DESIGN.
..
..
[1] BIND vs Microsoft DNS being the next in line.
(Has M$ EVER written ANYTHING with a modicum of security?)
 
In message <6kk2e1do0itsq5kvj36p8rps8oa2n02t4k@4ax.com>, Jim Thompson
<thegreatone@example.com> writes
If you can run Forte agent with task manager have you tried starting
Explorer again?

Yes, and it still gives the same error, "Explorer.exe error:
Instruction at location 0x.... can't read memory at 0x0000000" <- all
zeroes
If you're happy that your hardware is good and your HDD is also good,
try the service pack trick below, it will replace explorer and key files
whilst re-writing their registry values without upsetting your installed
software, I include the backup stuff so you're aware that anything you
try whilst in this state could cause data loss but this trick has
repaired lots of 'faulty' or damaged installs for me without data loss
(My job, a software/hardware tech, I play with electronics now.)
OS is Win2K.

Any ideas on how to fix?
Put the drive in another machine, make a complete backup of it, put it
back where it came from, then, from the task manager, run the last
service pack you installed (SP4 I hope unless you're running SQL
Personal). Providing this brings the machine back, you need to re-apply
all the hotfixes and scan the drives for errors.

No smart-ass remarks about Linux, PLEASE ;-)
None.
...Jim Thompson


...Jim Thompson
--
Clint Sharp
 
"JeffM" <jeffm_@email.com> wrote in message
news:1122069378.686105.105820@f14g2000cwb.googlegroups.com...
You would think that with 70% of the market,
Apache WOULD be an attractive target.
Uh, no. It's FAR more prestigious if some would-be hacker manages to bring
down part of the military-industrial complex that is Microsoft than if they
manage to mess up the lives of those daisies-in-gun-barrels programmers who
write Apache. :)
 
Jim Thompson wrote:

Yes, and it still gives the same error, "Explorer.exe error:
Instruction at location 0x.... can't read memory at 0x0000000" <- all
zeroes
Have you installed a new program lately (eg. one boot sequence before
the problem occurred)?

It is highly unlikely that Explorer.exe got modified (and extremely easy
to check). It is very likely that some new program installed a new version
of some DLL that explorer relies upon.

In any case, if explorer.exe has been damaged, it should show up when you
do a scandisk.

-Chuck
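
The check suggested in the post above, as an added example that is not part of the original thread: hash explorer.exe and the DLLs it loads against a known-good copy, and list DLLs changed recently. It assumes a healthy machine at the same service pack and hotfix level is reachable as a reference; the folder contents and DLL names in `demo()` are constructed sample data.

```python
import hashlib, os, tempfile, time

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def compare_to_reference(suspect_dir, reference_dir, names):
    """Map each file name to 'match', 'differs' or 'missing'."""
    status = {}
    for name in names:
        s, r = os.path.join(suspect_dir, name), os.path.join(reference_dir, name)
        if not (os.path.isfile(s) and os.path.isfile(r)):
            status[name] = "missing"
        else:
            status[name] = "match" if sha256_of(s) == sha256_of(r) else "differs"
    return status

def recently_changed_dlls(directory, since_epoch):
    """Names of DLLs modified at or after since_epoch, newest first.
    Installers may preserve vendor timestamps, so treat this as a hint;
    the hash comparison is the stronger check."""
    hits = [(e.stat().st_mtime, e.name) for e in os.scandir(directory)
            if e.is_file() and e.name.lower().endswith(".dll")
            and e.stat().st_mtime >= since_epoch]
    return [name for _, name in sorted(hits, reverse=True)]

def demo():
    """Constructed sample data: temp folders stand in for the two machines."""
    now = time.time()
    with tempfile.TemporaryDirectory() as sick, tempfile.TemporaryDirectory() as good:
        files = {"explorer.exe": (b"same bytes", b"same bytes"),
                 "shell32.dll": (b"replaced build", b"original build"),
                 "old.dll": (b"untouched", b"untouched")}
        for name, (sick_data, good_data) in files.items():
            for folder, data in ((sick, sick_data), (good, good_data)):
                with open(os.path.join(folder, name), "wb") as f:
                    f.write(data)
        # Backdate the untouched DLL by 90 days; the others keep "now".
        old = now - 90 * 86400
        os.utime(os.path.join(sick, "old.dll"), (old, old))
        status = compare_to_reference(sick, good, list(files) + ["comctl32.dll"])
        recent = recently_changed_dlls(sick, now - 7 * 86400)
    return status, recent

if __name__ == "__main__":
    print(demo())
```

Run from the healthy machine, `suspect_dir` can be the sick machine's system folder over the network share and `reference_dir` the local one.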
 
On Fri, 22 Jul 2005 23:37:23 +0100, Clint Sharp
<clint@clintsmc.demon.co.uk> wrote:

[snip]
If you're happy that your hardware is good and your HDD is also good,
try the service pack trick below, it will replace explorer and key files
whilst re-writing their registry values without upsetting your installed
software, I include the backup stuff so you're aware that anything you
try whilst in this state could cause data loss but this trick has
repaired lots of 'faulty' or damaged installs for me without data loss
(My job, a software/hardware tech, I play with electronics now.)

[snip]
Any ideas on how to fix?
Put the drive in another machine, make a complete backup of it, put it
back where it came from, then, from the task manager, run the last
service pack you installed (SP4 I hope unless you're running SQL
Personal). Providing this brings the machine back, you need to re-apply
all the hotfixes and scan the drives for errors.
I have a 4-machine network. And the "sick" machine "talks" just ducky
across the network. Can I run a backup across the network?

...Jim Thompson
 
On Thu, 21 Jul 2005 16:00:55 -0700, Jim Thompson
<thegreatone@example.com> wrote:

On Thu, 21 Jul 2005 22:49:00 GMT, Joerg
<notthisjoergsch@removethispacbell.net> wrote:

Hello Jim,

I run a scan weekly, and Norton sits there scanning anything inbound,
so I don't _think_ it's a virus.

That should be a pretty good protection. It depends on the settings, IOW
what you are allowing Norton to bless WRT downloads etc. I also have a
HW firewall between the biz network and anything outside.

I also have a HW firewall (Barricade). I have Norton configured with
NO "blessings", all downloads must ask for my OK.


The reason I am thinking a re-install may be in the cards is that you
mentioned that Explorer crashes the system.

I've verified that Windows Explorer is indeed the culprit.

Assuming that is Windows
Explorer and not IE that can be serious because it is a fairly integral
part of Windows. A SW engineer at a client once told me that a broken
Windows Explorer is like driving around with a frayed timing belt.

Regards, Joerg

http://www.analogconsultants.com

I'm really not OS-savvy, so here goes the dumb question: Does an OS
re-install destroy all my installed programs? :-(

I can easily back-up everything, the network is working, and I have
ample drive space on other machines.

But I'd rather not have to re-install all the programs I own :-(

...Jim Thompson
There is one good thing that I regularly do, I back up with ghost.
That way if it ever comes down to an OS re-install, I just pick up the
last good ghost image and away I go. I do weekly backups of work,
monthly images of the OS.
 
On Fri, 22 Jul 2005 13:03:55 -0700, Jim Thompson
<thegreatone@example.com> wrote:

In Win XP there is 'SFC' System File Checker. I heard this from Leo
LaPorte's radio show. <sfc/scannow> checks system files and repairs as
needed. I just checked the Microsoft site and it does exist for Win 2K.
They also say it may overwrite hotfixes. But, it might restore the
broken explorer. Good luck.
GG

Is this built into Win2K or do I need to download it from somewhere?
Yes, it should be there. I just typed 'sfc /scannow' into my start/run
line and it started (I have win2K Pro).
 
Jim Thompson wrote:

No smart-ass remarks about Linux, PLEASE ;-)
Get a Mac!

--
Paul Hovnanian mailto:paul@Hovnanian.com
------------------------------------------------------------------
"Si hoc legere scis nimium eruditionis habes."
(If you can read this, you're overeducated.)
 
"Paul Hovnanian P.E." wrote:
Jim Thompson wrote:

[snip]

No smart-ass remarks about Linux, PLEASE ;-)

Get a Mac!

--
Paul Hovnanian
What good would that do him? I have a pile of them waiting to be
scrapped.

--
Link to my "Computers for disabled Veterans" project website deleted
after threats were telephoned to my church.

Michael A. Terrell
Central Florida
 
Paul Hovnanian P.E. wrote:
Jim Thompson wrote:

[snip]


No smart-ass remarks about Linux, PLEASE ;-)


Get a Mac!
He's right, running Linux, Mac's finally become reliable.
 
Chuck Harris wrote:

Paul Hovnanian P.E. wrote:
Jim Thompson wrote:

[snip]


No smart-ass remarks about Linux, PLEASE ;-)


Get a Mac!

He's right, running Linux, Mac's finally become reliable.
OS X isn't really based on Linux, but on FreeBSD, which is genuine
industrial-strength Unix, from Bell Labs via the University of California
at Berkeley. UCB was one of the first Unix source licensees, and was the
first major fork in the Unix development tree. To be fair, there may not
be much of the original Unix code left in BSD. A full changelog from AT&T
Unix to FreeBSD 6 would, if printed out, probably require a truckload of
paper.
 
