Erratic Win2K behavior

Status
Not open for further replies.

arunch

Hello all,

We have around 200 Win2K Pro. desktops installed on our campus. The erratic behavior was first brought to our attention last fall, and then it re-appeared again earlier this year, and for the third time this past week.

The erratic behavior,
1. Spontaneous reboots. The user can be in any application and the system will simply restart.

2. Losing mapped network drives.

Next, the reason I mentioned the specific times is because it was then that the campus, faculty, staff and students' machines were hit hard by viruses. Blaster in the fall, MyDoom at the start of this year and this week, Bagel and Netsky.

When we have infected computers on our network, Win2K pcs exhibit the above behaviors. These erratic pcs *are not* infected with the virus. When we do finally eradicate the virus from our internal network, these pcs are stable again.

Anyone have any ideas as to what's going on and what it is that we could do?

TIA

Chelvan.
 
Number one thing and best thing is invest in a good antivirus software and/or a good firewall. If you are getting that many infections in a short amount of time, it sounds like you have no protection. Also make sure that none of the students or staff are using file sharing programs such as Kazaa, as these are notorious for viruses. If you are running an antivirus software, make sure the definitions are up to date; if they are not updated, it is like having no protection at all.

When you have an infected machine remove it from the network until you are sure it is clean again.

See if the machines that are infected develop a pattern, i.e. the same system or group of systems are getting infected, who is using the infected machines, etc.

Do you have logging enabled on your server(s)? You should; they are enabled by default. View your logs and see what turns up there.

Hope this helps. If you need any more help, let me know.
 
We have updated the scan engine to version (Netshield 4320) that will catch the virus at the mail server.

We also are cutting off infected pcs from the network. But at the beginning of the outbreak we had trouble keeping up with them.

The ideal solution would have been to have the mail server catch the virus, but we held off on installing the newer scan engine because there were reports that it crashed the mail server every hour or so. Eventually we found out that the mail server version that we have (Netmail 3.10f) has that issue resolved.

So we should be back to "normal" by the end of this week.

However, our question is still, what causes the Win2K pcs to spontaneously reboot? Is it the virus traffic, a particular patch that's lacking, ....? Because these pcs are not infected with any virus, they have been patched with Service pack 4, and all the security and critical patches, no spyware (Spybot and Adaware came up clean), so what is it? If it's the virus traffic, what can we do to protect these Win2K machines against it?

You know there'll be another outbreak .... sigh.
 
It's a long shot, but...
Are the machines set to "automatically reboot" instead of "display blue screen"? If they are, I've heard reports (though not seen myself) that high network traffic on a hubbed network with repeated transmission errors can cause some network card drivers to crash. If your machines are set to automatically reboot on crash, that would do it.
Why not take a lab and change them all to show blue screens (System Properties/Performance/Automatically reboot checkbox, if I recall right), and see what happens? Like I said, it's a long shot on an unsubstantiated rumour, but it's worth a shot. :)
 
Thanks for the feedback. I've gotten a couple of willing users on campus who allowed us to uncheck the "automatically reboot" option. They were going to pass on the blue screen messages to us. Hopefully we get something useful from it.

Thanks again!
 