1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Possible DCOM Corruption Issue

By kenwilsn
Aug 3, 2005
  1. We are a consultant / integration company working in the material handling distribution industry. And we're experiencing an unusal problem at one of our client site locations on 1 server (Compaq ML370, W2k Server SPk 4), 1 area controller industrial pc (Advantech 610, W2k Pro, SPK 3), and 2 work station pc's (Advantech Shoe box pc's, W2k Pro, SPK 3) that all talk to each other via DCOM to display updates to our graphic that is running running on the area controller pc.

    What is happening is that:

    - something on the area controller pc keeps disabling Dcom. Always after a reboot, and usually at some other inconsistent frequency.
    - When this happens, our graphic will crash when trying to connect to an OPCServer on that machine. The last log message says "TA_OPCServer connected, no status" It seems to be the "no status" part that causes the crash.
    - A file named 26h1w9k.exe then appears on the root C directory, and is launched after a reboot and gives a "NDVDM CPU instruction error, 16 bit app"
    - After a reboot, IE is launched and tries to go to a web site for. I do not have the URL right now, but we did clense the pc's for adware programs and the issue remains.
    - Sometimes re-enabling Dcom will get the graphic to work again. Sometimes after re-enabling after a re-boot, sometimes not at all (like this morning)
    - After the PC's were declared clean by IT, these symptons reappeared the instant Dcom was re-enabled.
    - The PC's run somewhat sluggishly. The "System" process is using up 20-40% of the CPU. Not all the time.
    - A virus scan of the C drive shows no virus found on one of the pc's this morning.

    I don't believe this is virus, because it is only ocurring on these pc's that are
    communicating via DCOM and virus protection software with the latest definitions are not finding anything.

    Any help towards shedding some light to this situation would be most appreciated. I can be reached directly at the contact information listed below.


    Ken Wilson, MCSE
    Senior Consultant
    Tompkins Associates
    (W) 407.362.0394
    (C) 919.345.5360
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Standard antivirus-programs like Norton don't catch too many baddies.
    If you think it's viruses or malware that cause your problems, try these links:

    To fix Trojans, see How to remove Trojans and its ilk!

    For virusus, hijackings, adware etc. go to this post, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.
    How to remove Begin2Search/Coolwebsearch and Other Nasties

    Then see How to post your Hijackthis log-files as an attachment.

    It might also help to bring all PCs up to the same level of SP4, plus the recent rollup-update for W2K and whatever else M$ has dished out.

    That program 26h1w9k.exe is definitely an infection, see in here:

    Post your HJT-logs here if you like (only as attachments).
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...