From: BitBucket on
Hello:

PROBLEM

When executing various commands in a DOS window or via Start | Run on a
Windows 2003 Server SP1 platform, there is a pop-up box with the error
message:

Title bar: ntvdm.exe - System error
Message: NTVDM encountered a hard error.
Options: Close | Ignore


In the System error log, there is an application popup information
message, as follows:
...................................................
Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: 2/17/2006
Time: 10:28:03 PM
User: N/A
Computer: MPX
Description:
Application popup: ntvdm.exe - System Error : NTVDM encountered a hard
error.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
...............................................

This problem was originally encountered yesterday trying to run
regedit.exe from the Start | Run box. It was also confirmed trying to
run regedit.exe from a DOS window command prompt. However, regedit.exe
executed as expected when double-clicked with Windows Explorer from
C:\WINDOWS\regedit.exe. In addition, regedt32.exe executed as expected
without error from all three launch situations (Start | Run, DOS
command line and Windows Explorer).

I tested this with some neutral external DOS programs, like ping. I've
found that 'ping' and 'ping /?' and "ping www.yahoo.com" all generate
this error as well, when executed from the DOS command line and from
Start | Run. The file "command" executes from the DOS command line,
but 'cmd' does not (it generates this error).

But it appears that when the offending command is enveloped in the
command environment, the program works. e.g., the command "command /c
ping www.yahoo.com" executes normally. So there appears to be
something wrong with the DOS environment, but I can't figure out what
it is.

I have run the Windows File Protection Scan sfc.exe /scannow on the
system and all the files conform to the required versions (either
regular 2003 or SP1 2005).

The server is not a domain controller, and is on a LAN with a Windows
2000 Server. No Windows Terminal Services are running (that I know of),
and all anti-virus programs have been removed. I suspect this problem
is connected to a recent trial version of Kaspersky Anti-Virus for
Windows Servers v5 (trial version), but I don't have any direct
evidence of this, and I have subsequently uninstalled this program.
Autoexec.nt was modified, but has been restored to its original
condition. Autoexec.bat is zero-bytes.

I've pretty much exhausted all web-based resources with this one, so
any help would be appreciated.

-- Roy Zider

From: Pegasus (MVP) on

"BitBucket" <file1301(a)cyberonic.com> wrote in message
news:1140247319.643179.134020(a)g14g2000cwa.googlegroups.com...
> Hello:
>
> PROBLEM
>
> When executing various commands in a DOS window or via Start | Run on a
> Windows 2003 Server SP1 platform, there is a pop-up box with the error
> message:
>
> Title bar: ntvdm.exe - System error
> Message: NTVDM encountered a hard error.
> Options: Close | Ignore
>
>
> In the System error log, there is an application popup information
> message, as follows:
> ..................................................
> Event Type: Information
> Event Source: Application Popup
> Event Category: None
> Event ID: 26
> Date: 2/17/2006
> Time: 10:28:03 PM
> User: N/A
> Computer: MPX
> Description:
> Application popup: ntvdm.exe - System Error : NTVDM encountered a hard
> error.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> ..............................................
>
> This problem was originally encountered yesterday trying to run
> regedit.exe from the Start | Run box. It was also confirmed trying to
> run regedit.exe from a DOS window command prompt. However, regedit.exe
> executed as expected when double-clicked with Windows Explorer from
> C:\WINDOWS\regedit.exe. In addition, regedt32.exe executed as expected
> without error from all three launch situations (Start | Run, DOS
> command line and Windows Explorer).
>
> I tested this with some neutral external DOS programs, like ping. I've
> found that 'ping' and 'ping /?' and "ping www.yahoo.com" all generate
> this error as well, when executed from the DOS command line and from
> Start | Run. The file "command" executes from the DOS command line,
> but 'cmd' does not (it generates this error).
>
> But it appears that when the offending command is enveloped in the
> command environment, the program works. e.g., the command "command /c
> ping www.yahoo.com" executes normally. So there appears to be
> something wrong with the DOS environment, but I can't figure out what
> it is.
>
> I have run the Windows File Protection Scan sfc.exe /scannow on the
> system and all the files conform to the required versions (either
> regular 2003 or SP1 2005).
>
> The server is not a domain controller, and is on a LAN with a Windows
> 2000 Server. No Windows Terminal Services are running (that I know of),
> and all anti-virus programs have been removed. I suspect this problem
> is connected to a recent trial version of Kaspersky Anti-Virus for
> Windows Servers v5 (trial version), but I don't have any direct
> evidence of this, and I have subsequently uninstalled this program.
> Autoexec.nt was modified, but has been restored to its original
> condition. Autoexec.bat is zero-bytes.
>
> I've pretty much exhausted all web-based resources with this one, so
> any help would be appreciated.
>
> -- Roy Zider
>

You may have a corrupt command processor, cmd.exe.
I recommend you replace it with the one found on your
server installation CD.

BTW, there is no DOS under Windows server. DOS is
an operating system of its own. You probably meant the
"Command Prompt" when you said "DOS environment".

Windows server largely ignores c:\autoexec.bat. The file
Autoexec.nt is processed when you start a 16-bit
application such as debug.exe. However, regedit.exe and
ping.exe are 32-bit applications.
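
One check that fits these symptoms (an NTVDM error for commands typed without an extension, while the same .exe runs when opened by its full path): list which file a bare name such as ping resolves to, and whether that file is a 32-bit PE image. This is an added example, not part of any post in the thread; it models the command-prompt search in simplified form (listed directories in order, extensions in PATHEXT order), and the function names and sample files are constructed for illustration.

```python
import os
import struct
import tempfile

DEFAULT_PATHEXT = (".COM", ".EXE", ".BAT", ".CMD")  # Windows default order starts .COM, .EXE

def image_kind(path):
    """'PE' = Win32/64 image, 'NE' = 16-bit Windows, 'MZ' = DOS .exe, 'raw' = no MZ header."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return "raw"                       # .com images and scripts land here
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of the new header
        f.seek(e_lfanew)
        sig = f.read(4)
    if sig == b"PE\0\0":
        return "PE"
    return "NE" if sig[:2] == b"NE" else "MZ"

def candidates(name, search_dirs, pathext=DEFAULT_PATHEXT):
    """Files a bare command name can resolve to, in search order (simplified model)."""
    hits = []
    for d in search_dirs:
        # Case-insensitive match, as on Windows; missing directories are skipped.
        entries = {e.lower(): e for e in os.listdir(d)} if os.path.isdir(d) else {}
        for ext in pathext:
            real = entries.get((name + ext).lower())
            if real and os.path.isfile(os.path.join(d, real)):
                hits.append(os.path.join(d, real))
    return hits

def audit(name, search_dirs, pathext=DEFAULT_PATHEXT):
    """Report which file wins the search and whether a non-PE file shadows a PE one."""
    found = [(p, image_kind(p)) for p in candidates(name, search_dirs, pathext)]
    if not found:
        return None
    shadowed = found[0][1] != "PE" and any(k == "PE" for _, k in found[1:])
    return {"runs": found[0][0], "kind": found[0][1], "shadows_pe": shadowed}

def demo():  # constructed sample files, not data from the thread
    pe = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    d = tempfile.mkdtemp()
    for fname, data in (("ping.exe", pe), ("ping.com", b"\xcd\x20"), ("regedt32.exe", pe)):
        with open(os.path.join(d, fname), "wb") as f:
            f.write(data)
    return {n: audit(n, [d]) for n in ("ping", "regedt32", "missing")}

if __name__ == "__main__":
    print(demo())
```

On a real system, pass the current directory followed by the entries of %PATH% as `search_dirs`; any name reported with `shadows_pe` set deserves a closer look at the file that wins the search.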


From: BitBucket on
Pegasus:

Thanks for the suggestion, but cmd.exe does check against the SP1
source files. (This is part of the sfc /scannow validity check in any
case).

I realize DOS is a bit of an anachronism, even archaic in internet
time, but as you probably know most programs still refer to it, even
cmd.exe: "This program cannot be run in DOS mode." W2K3 refers to it
with the environment string "SESSIONNAME=Console". So there's some
leeway here, I guess.

Thanks again.

From: Pegasus (MVP) on

"BitBucket" <file1301(a)cyberonic.com> wrote in message
news:1140292728.778437.239050(a)o13g2000cwo.googlegroups.com...
> Pegasus:
>
> Thanks for the suggestion, but cmd.exe does check against the SP1
> source files. (This is part of the sfc /scannow validity check in any
> case).
>
> I realize DOS is a bit of an anachronism, even archaic in internet
> time, but as you probably know most programs still refer to it, even
> cmd.exe: "This program cannot be run in DOS mode." W2K3 refers to it
> with the environment string "SESSIONNAME=Console". So there's some
> leeway here, I guess.
>
> Thanks again.
>

I recently dealt with a similar post that had a corrupted
command processor. The OP claimed that sfc.exe failed
to identify the corruption, and that he fixed the problem
by copying the file from his CD.


From: BitBucket on
Pegasus:

How could this happen? Good question.

Yes, the server was protected, but not at the time I allowed the virus
in. I had been using Symantec, and have been very dissatisfied, first
with its false positives using its heuristics ("Bloodhound") detection.
And then with its failure to open or identify some poorly-formed zip
and rar files. So I went looking for a substitute.

And you know what the first recommendation is when installing another
AV product: remove or disable your existing AV product, if any. So I
uninstalled Symantec AV when I was wrestling with Kaspersky Anti-Virus
for Windows Servers 5. Not a pretty process, and I eventually
uninstalled it due to it not having a "scan for viruses" option
attached to the context menu of Windows Explorer (Servers version
doesn't have a GUI, as the tech support people characterize it) and too
many unanswered questions from tech support.

So as you might guess, somewhere during this messing around and testing
I stepped on this worm. It may actually have been caught by KAV, but
if it was, its removal was incomplete and I never got a post about it
since the error and detection logs were either empty or non-functional
at the time. But I did trace it back, using various timelogs and such,
and did find the file -- something I had downloaded with eMule.

I'd like to fix this process once and for all, but as long as Symantec
gets beat in the ratings by KAV and others, and fails to update,
correct and enhance their products, I'll be switching until I get this
right.