none
Server 2008 R2 X64 - Restarts while opening MMC!!!!!!!

    Question

  • Dear All,

    I am afraid my windows is infected!!

    On my Exchange Node 2 (Exchange 2010 DAG member) since a week, if I open any MMC (like for disabling local admin purpose) the server quickly restarts.! I almost scanned the server with differant Antivirus programs and malware detectors, they found few trojans or something I did a clean up from normal and safe mode.   Plus, in Task manager > users I am seeing a strange active RDP session from 'administrators$' through a unknown source host.   I went to  user profiles and deleted all profiles exept my admin profile.  Still even after cleaning, I can not open the MMC and sometimes the 'administrator$' is again appearing in the 'Users' tab.

    It's been a nightmare now, what are the quick actions to take considerring it as an Exchange node? 

    OS: Windows Server 2008 SP1 Ent X64.

    APP: Exchange 2010 Ent X64 SP1

    The server restarts immediately after opening an MMC..........please help!



    Wednesday, February 29, 2012 7:39 AM

Answers

All replies

  • Hello,


    Virus infection can cause any unexpected problems. For more information and support on virus infection issues,

    Please visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates. 

    Also, as an Exchange server, it’s recommended that you post on Exchange sub-forum Anti-virus/Anti-spam

    Anti-virus/Anti-spam
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrantivirusandantispam/threads


    When the system is clean, test in Safe Mode and Clean Boot to check if the problem is caused by a third-party service or startup item and let us know the result. Perform SFC (System File Checker) and In-place Upgrade to fix system corruption. (In-place Upgrade will scan and fix system files while keep your programs and data untouched).


    Thanks
    ZHANG


    Wednesday, February 29, 2012 8:31 AM
    Moderator
  • have you some errors in application event log (like event ID 1000)? If yes can you post in this thread?

    have you try to boot in safe mode and see if the shutdown continue when you open MMC?

    Hi,

    Marc

    Wednesday, February 29, 2012 9:23 AM
  • Hello,


    Virus infection can cause any unexpected problems. For more information and support on virus infection issues, I would suggest you call Microsoft PC Safety telephone number, 1-866-727-2338 (1-866-PCSAFETY). This service offers no-charge assistance for virus-related issues or questions.


    Also, as an Exchange server, it’s recommended that you post on Exchange sub-forum Anti-virus/Anti-spam

    Anti-virus/Anti-spam
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrantivirusandantispam/threads


    When the system is clean, test in Safe Mode and Clean Boot to check if the problem is caused by a third-party service or startup item and let us know the result. Perform SFC (System File Checker) and In-place Upgrade to fix system corruption. (In-place Upgrade will scan and fix system files while keep your programs and data untouched).


    Thanks
    ZHANG

    Thanks Zhank.  I've posted this issue on the said forum.  The issue is same in safe mode as well, but now I noitce.  The shutdown message comes in fact when I open the computer management MMC.  Even From AD When I opened compmgmt.mmc for this exchange node, same thing happens.
    Wednesday, February 29, 2012 9:47 AM
  • have you some errors in application event log (like event ID 1000)? If yes can you post in this thread?

    have you try to boot in safe mode and see if the shutdown continue when you open MMC?

    Hi,

    Marc

    The issue is same in safe mode as well, but now I noitce.  The shutdown message comes in fact when I open the computer management MMC (it says the RPC service is unavailable and straight away pops up the reboot warning).  Even From AD When I opened compmgmt.mmc for this exchange node, same thing happens.

    No event I could find like 1000.  As long as I am not opening computer management, nothing goes wrong and the server works, replicates in the DAG.

    But the 'administrators$' session is found sometimes......I am doing my best...

    Help On..

    Wednesday, February 29, 2012 9:49 AM