Very odd computer problem across multiple machines (longish, sorry)

Hi everybody

I’m encountering a very perplexing issue across several machines here at work and I’m hoping someone might be able to point me in the right direction. Our main IT guy is on vacation, and I’m kind of the secondary go-to guy (I do the web development and most routine maintenance on the systems here) but I’m decidedly not a pro, just a fairly advanced user with a decent grasp of basic networking, Windows and computing in general.

I am pretty aggressive about running Spybot and Ad Aware, and we are running Symantec Anti-Virus Enterprise under a Managed Client model. I have done full scans on all affected machines with all these with no results.

PROBLEM: multiple programs (GSP Composer, MS Office, various Adobe products) cannot open files with the ‘open’ menu item - program freezes and often can’t even be killed in Task Manager. However, if you click on a file in Explorer, the appropriate program opens and attempts to open the file. At this point, it locks up, and again cannot be killed by TM. It generates a message saying "This program cannot be closed. It is being debugged…etc"

This issue is appearing on three Win 2000 pro machines, as well as a very similar issue on one XP machine. All these machines are running on their own workgroup and the issue seems isolated to the workgroup - no other systems in the company appear to be experiencing any issues.

I did spend most of last week sanitizing and cleaning up our lead designer’s machine - he tends to download rampantly and indiscriminately, and his machine was so loaded up with malware, trojans and hijackers that I’m surprised it didn’t explode. I managed to get most everything out except a couple of search engine hijackers but was pulled off the problem once the machine was sort of working again to let him get back into the workflow (he’s swamped). :rolleyes:

I’m thinking whatever issue we’re having came from this machine - we maintain a local shared jobs drive (external HD) that is directly mounted on his machine.

I’d appreciate any pointers or directions I should be looking in. I’ve been googling open processes like crazy on these machines and I’m not seeing anything unusual.

Thanks in advance for any and all help or ideas.

I have had nothing but problems with Symantec/Norton products, to the point of recommending uninstalling them from every machine I work on. I had one yesterday that Norton had just been uninstalled (using Add/Remove Programs), and MS Word could no longer open Word .doc files. I ran the Norton Removal Tool, and the problem was solved.

I know it is difficult to remove Symantec AV in a corporate environment where they buy licenses for dozens of machines, but that is where I would start. Symantec/Norton is crap, frequently breaks and destroys the system it is running on.

Thanks for the tip, Fear Itself - I agree with you, we’ve really had some issues with Symantec. Unfortunately, as Senior Management spent quite a bit on the suite and attendant licenses, scrapping the system is not very likely without exhausting every other option. (and probably spending more than the cost of a new system on 3rd party techs and whatnot)

I wiped the local client and used Norton Removal, but unfortunately, the issue is still happening.

Dammit.

I was feeling pretty good about it being Norton - a quick uninstall and problem solved. But alas, twere not to be.

Any other thoughts?

Not sure what you mean by that - was that a “nuke and pave” where you wipe the drive and load a new image on the PC? (I’m assuming you’re using images, rather than a regular “home style” installation of Windows and your applications.)

I’m not suspecting Symantec here. It’s sounding more like these machines have been so insanely overrun with malware to the point they’re irreversibly damaged and a nuke and pave is the only valid option.

Sounds like that external drive also needs scrubbing.

Forgot to say - you can also try turning off debugging. It won’t stop the crashes, but it should at least make them faster. Right-click “My Computer” icon on the desktop, select Properties, click the Advanced tab, then click the Startup and Recovery button. Uncheck “Write an event to the system log” and “Automatically restart” and OK your way out. Ignore any errors about what might make it unable to create a debugging file, since you just told it not to do any debugging.

You’ve probably been hosed by a mal-spy-virus-ware thing but, a couple of questions …

Is it every file? Just some files? The same files on each machine? If it’s just some files is there anything in common with them?

Can you copy the files? Could you open them in something else?

Are the files physically on the machine? Or on a network drive? Does taking the machines out of the workgroup help? What about disconnecting the network? What about running in safe mode?

It’s possible there’s a network issue which is causing the lockup (I’ve seen stuff lock up when it tries to get stuff off a network resource that’s unavailable – typically you can’t kill the program whilst it’s doing that).

I know this post is just more questions, sorry about that.

SD

Sorry, I was unclear - I actually isolated the machine off the network, and took the Symantec Client off the machine - not the OS or anything like that. Basically trying to see if it was an issue triggered by the Symantec software (we’ve had similar issues in the past, although not to this extent.)

a variety of file types, certainly - vector files (.ai, .eps, .plt); word files (.doc & .txt) and bitmaps (.tif, .jpg)

This is on three different machines, all running Win2K Pro. The XP machines are doing ok, except for the one design machine, which is pretty well hosed.

Upon closer examination the only commonality is that almost none of the files are local - some are on the shared external drive mentioned earlier, and the Office files are on a share on our main network fileserver. However, when troubleshooting, I did experience the lock-up on files on my local machine, but on a secondary physical drive - not the primary drive where Windows and my program files are located.

I agree, but that only makes sense if the issue is only affecting Win2K -
The XP machines are able to access both the shared drive and the server share.

Safe mode doesn’t help at all.

Not at all - Composer locks up on .ai & .eps files, notepad locks up on Word, Illustrator locks up on .plt files, etc.

Windows has crap file sharing. Often times all applications trying to do something simple will get stuck in some sort of a horrid domain server timeout loop, especially if the domain server doesn’t exist or is not available. I’ve had issues where Cygwin-based applications would get stuck for 30-50 seconds at a time every time they tried to access the filesystem if the laptops were docked but unplugged from the network (undocked worked fine). After trying everything, I snooped around with a packet analyzer and discovered some strange attempt by WINDOWS to contact the login domain server that fails miserably and has to time out before letting the application continue.

I am not saying this is what’s going on, but the issue is probably because something is wrong with the domain, if you have one. My general advice is not to use Windows file sharing, especially if there is no domain. In my experience, two workgrouped XP machines with fresh installs not connected to the internet will still

a) Have at least 1000% overhead on file transfers.
b) Will see each other non-deterministically.

Hmmm, I’m pretty much out of ideas.

It does look like the issue is probably on each machine (rather than on the network) and the fact it’s on more than one points to infection of some sort (unless someone’s changed something on all of them recently).

Did the problem start on a Tuesday or Wednesday? Do you have the machines set to automatically take updates from MS? It’s possible they stuffed up the last patch, you could try uninstalling that (not sure how, I’ve never had to do that).

Otherwise the next thing to do is get a clean machine (either a new one or reinstall one of the broken ones) up and running and see if it works and give it a while to see if it stops.

What groman says is true, Windows gets very twitchy when it can’t contact network resources it expects to be there but I suspect that issue is the result of something else.

SD

There are numerous websites that deal specifically with this type of problem. You’ll probably do much better with them - http://www.castlecops.com/ is a good site. If you download a copy of the freeware tool ‘HijackThis’ & run it on the affected machine(s), then upload the logs you should be able to get some fairly good analysis of what’s going on. No one can diagnose these types of issues blindly, I’m afraid.