TechSpot

Possible DCOM Corruption Issue

By kenwilsn
Aug 3, 2005
Topic Status:
Not open for further replies.
  1. We are a consultant / integration company working in the material handling distribution industry. And we're experiencing an unusal problem at one of our client site locations on 1 server (Compaq ML370, W2k Server SPk 4), 1 area controller industrial pc (Advantech 610, W2k Pro, SPK 3), and 2 work station pc's (Advantech Shoe box pc's, W2k Pro, SPK 3) that all talk to each other via DCOM to display updates to our graphic that is running running on the area controller pc.

    What is happening is that:

    - something on the area controller pc keeps disabling Dcom. Always after a reboot, and usually at some other inconsistent frequency.
    - When this happens, our graphic will crash when trying to connect to an OPCServer on that machine. The last log message says "TA_OPCServer connected, no status" It seems to be the "no status" part that causes the crash.
    - A file named 26h1w9k.exe then appears on the root C directory, and is launched after a reboot and gives a "NDVDM CPU instruction error, 16 bit app"
    - After a reboot, IE is launched and tries to go to a web site for. I do not have the URL right now, but we did clense the pc's for adware programs and the issue remains.
    - Sometimes re-enabling Dcom will get the graphic to work again. Sometimes after re-enabling after a re-boot, sometimes not at all (like this morning)
    - After the PC's were declared clean by IT, these symptons reappeared the instant Dcom was re-enabled.
    - The PC's run somewhat sluggishly. The "System" process is using up 20-40% of the CPU. Not all the time.
    - A virus scan of the C drive shows no virus found on one of the pc's this morning.

    I don't believe this is virus, because it is only ocurring on these pc's that are
    communicating via DCOM and virus protection software with the latest definitions are not finding anything.

    Any help towards shedding some light to this situation would be most appreciated. I can be reached directly at the contact information listed below.

    Thanks.

    Ken Wilson, MCSE
    Senior Consultant
    Tompkins Associates
    (W) 407.362.0394
    (C) 919.345.5360
    kwilson@tompkinsinc.com
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Standard antivirus-programs like Norton don't catch too many baddies.
    If you think it's viruses or malware that cause your problems, try these links:

    To fix Trojans, see How to remove Trojans and its ilk!

    For virusus, hijackings, adware etc. go to this post, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.
    How to remove Begin2Search/Coolwebsearch and Other Nasties

    Then see How to post your Hijackthis log-files as an attachment.

    It might also help to bring all PCs up to the same level of SP4, plus the recent rollup-update for W2K and whatever else M$ has dished out.

    That program 26h1w9k.exe is definitely an infection, see in here:
    http://www.geekstogo.com/forum/index.php?showtopic=47951&mode=linearplus

    Post your HJT-logs here if you like (only as attachments).
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.