WinServer 2003 automatic system shutdown
Hello... I hope somebody could help me. Our server in the office, running Windows Server 2003, automatically shuts down every time we use the command prompt. Is there a way to correct this? Thank you.
September 18th, 2008 6:54am

Do you get a STOP error before the server reboots? To have a better picture of the error, you can configure the system not to reboot during system crashes:
1. Right-click My Computer then click Properties.
2. Click the Advanced tab.
3. Under Startup and Recovery, click Settings.
4. Clear the Automatically restart check box, and click OK.
5. Restart your computer for the settings to take effect.
Please note the error message that appears when you launch the CLI after doing these steps.
Regards,
Salvador Manaois III
MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com
September 18th, 2008 8:11am

Do you get the System Error in your Event Viewer? You can search the Windows Server 2003 System Event log with a filter, and paste any system error in it.
Johnnie,
Thanks.
Johnny tu. The young guy livin china.
September 18th, 2008 10:53am

Hello,
Random restarts can be caused by a lot of issues. We will have to troubleshoot step by step.
1) Please check the hardware compatibility and see if the hardware is on the Hardware Compatibility List (HCL): http://www.microsoft.com/whdc/hcl/default.mspx
2) Update all the device drivers from the hardware vendor's website and install the latest patches for Windows 2008
3) Please check the application compatibility
Windows Server 2008 Application Compatibility: http://msdn2.microsoft.com/en-us/windowsserver/cc148992.aspx
4) Perform a clean boot to block effects caused by third-party services and applications.
A. Click Start | Run and type "msconfig" (no quotes) and press Enter.
B. Click Services from the tab, check the check box of "Hide All Microsoft Service", and then click "Disable all".
C. Click Startup from the tab, then click "Disable all".
D. Click "OK" and follow the instructions to restart the computer. After rebooting, if you get a prompt dialog of System Configuration, please check the check box in the dialog and click "OK".
Hope it helps
Syed Khairuddin
September 18th, 2008 11:34am

Hello and good day... Thank you for the reply. I have followed your instructions but the server still shuts down every time the CLI is opened. There is no event log that points to the automatic shutdown. This behaviour just started about a month ago. Before, using the CLI was OK. Is this a security feature of WinServer 2003? Can I just restore the default security settings of WinServer 2003? How?
September 22nd, 2008 6:38am

Hello,
Thanks for getting back. There are a few viruses like MSBLAST.EXE and W32.Rontokbro@mm which have the feature to restart, disable the registry and many more things. Please refer to the following link.
http://www.symantec.com/security_response/writeup.jsp?docid=2005-092311-2608-99&tabid=2
Log on to Safe mode.
Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan.
Delete any values added to the registry.
You can also try the Microsoft Windows Malicious Software Removal Tool: http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Hope it works
Syed Khairuddin
September 22nd, 2008 11:52am

Hello Syed,
I have tried what you said. Microsoft Windows Malicious Software Removal Tool did not find anything. I can still open MSCONFIG, TASKMANAGER & REGEDIT, so this might not be MSBLAST.EXE or W32.Rontokbro@mm. Hope you have some other remedies. Thanks.
September 23rd, 2008 6:59am

Does the system generate any memory/crash dump? If so, is it possible for you to upload this so we can run a debugger against it and check the instructions being run when the crash occurred?
Regards,
Salvador Manaois III
MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com
September 23rd, 2008 11:21am

OK, can you go to the command prompt and type shutdown -a
C:\shutdown -a
and check what happens? Please let me know what happens.
Syed Khairuddin
September 23rd, 2008 11:35am

I cannot use the command prompt because it will automatically shut down. When I run c:\windows\system32\shutdown.exe -a from the "&run" which is located at the start menu, nothing happened. The command prompt window opened and then closed.
September 24th, 2008 7:33am

Save this code to a .vbs file and execute it:
' Abort a pending shutdown without opening a command prompt; wait for shutdown.exe to finish
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "c:\windows\system32\shutdown.exe -a", 1, True
Salvador Manaois III
MCSE MCSA CEH MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com
September 24th, 2008 9:35am

You can also try using a batch file.
Syed Khairuddin
September 24th, 2008 12:03pm

Sal,
When I run the script, it's still the same. The CLI window just opened and closed instantly. Here's the system log event.
Source: User32
Event ID: 1074
Description:
The process winlogon.exe has initiated the power off of computer ETRACS (computer name) on behalf of user ETRACS\Administrator for the following reasons.
No title for this reason could be found.
Reason Code: 0x840000ff
Shutdown Type: power off
September 25th, 2008 7:02am

My gut feel tells me this could be caused by malware. Can you please dump the registry info on your HKLM\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon keys? Check for other auto-starting entries and delete any unusual entry. Try running an up-to-date antivirus on the machine; run a full scan. Or you can post here a HijackThis log from the machine.
Salvador Manaois III
MCSE MCSA CEH MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com
September 25th, 2008 7:26am
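
One way to produce the registry dump requested above without opening cmd.exe, as an added example that is not part of the original thread. The output file name autoruns.txt is an assumption, and the two Command Processor keys are an addition the thread does not mention: cmd.exe runs the AutoRun value stored there each time it starts.

```vbscript
' Added example (not from the thread): dump autostart registry values to a text file.
' Run by double-clicking the .vbs file, so no command prompt is opened.
Option Explicit
Const HKCU = &H80000001
Const HKLM = &H80000002
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_DWORD = 4

Dim reg, fso, out
Set reg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set fso = CreateObject("Scripting.FileSystemObject")
Set out = fso.CreateTextFile("autoruns.txt", True)   ' assumed output file name

' The two keys asked for in the post above
DumpKey HKLM, "HKLM", "Software\Microsoft\Windows\CurrentVersion\Run"
DumpKey HKLM, "HKLM", "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
' Addition: cmd.exe executes the AutoRun value under these keys on every start
DumpKey HKLM, "HKLM", "Software\Microsoft\Command Processor"
DumpKey HKCU, "HKCU", "Software\Microsoft\Command Processor"
out.Close
WScript.Echo "Wrote autoruns.txt"

Sub DumpKey(hive, hiveName, path)
    Dim names, types, i, value
    out.WriteLine "[" & hiveName & "\" & path & "]"
    ' EnumValues returns 0 on success; names is Null when the key has no values
    If reg.EnumValues(hive, path, names, types) <> 0 Or Not IsArray(names) Then
        out.WriteLine "  (key missing or no values)"
        Exit Sub
    End If
    For i = 0 To UBound(names)
        Select Case types(i)
            Case REG_SZ
                reg.GetStringValue hive, path, names(i), value
            Case REG_EXPAND_SZ
                reg.GetExpandedStringValue hive, path, names(i), value
            Case REG_DWORD
                reg.GetDWORDValue hive, path, names(i), value
            Case Else
                value = "(type " & types(i) & " not shown)"
        End Select
        out.WriteLine "  " & names(i) & " = " & value
    Next
End Sub
```

The file is written to the folder the script is started from; compare Userinit and Shell under Winlogon and any AutoRun value against a known-good server before deleting anything.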

HijackThis Log File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:06 PM, on 9/25/2008
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\BitTorrent\bittorrent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [USB Antivirus] "C:\Program Files (x86)\USB Disk Security\USBGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor._exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=C:\dell\homepage\dellhome.htm
O15 - ESC Trusted Zone: http://*.mcafee.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = iloilocity.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8B8C4A6-77F2-4EB4-B8E0-AF233A9CD35E}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = iloilocity.local
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--End of file - 6542 bytes
September 25th, 2008 9:35am

Hello everybody... Thank you for all of your help. I don't know what the real problem and solution were, but now our server is not having any more errors. Thank you all.
October 6th, 2008 7:52am

This topic is archived. No further replies will be accepted.
