|
|
Question : Info store came un mounted after w32.Hllw.gaobot virus can't resmount
|
|
Exchange 2000
After a quick infection, the info store became unmounted, and my m: drive was disconnected. when I tried to remount, I got the message that the db was corrupted. I ran eseutil /p /d and pointed them to another sever (lack of space) and ran it. It all ended perfectly. The DBs were fixed and defraged and were moved back over to the original location. I made back up of it and now have a reference point.
When I went to run ISinteg, I set it up like this -
c:\exchsrvr\bin>isinteg -s myname -fix -test alltests.
With the Info store service started, I get the :
Database for server : only databases marked as offline can be checked
Index Status Database name starage group name: First starage group 1 offline Private info store (name) 2 offline Public enter a number to select a db press enter
I press enter and say yes - I get:
Isinteg cannot initiate verification process please review log files for more info
Now, my databases reside on the E: drive, not the C: drive. not sure if that means anything.
If I turn the infostore service off, I get:
error: unable to get database information from the server. the reason could be either wrong server name or networking problems Isinteg quits now
If I try to moun the drive from ESM, I get the error:
An internal processing error has occured. Try restarting the exchange system manager or the microsoft exchange information store service or both.
When I started all of this, THe error I got on it was Database is corrupted and cannot be mounted.
the event I see every couple of minutes is: MSExchangeSA MAPI session 9175
The MAPI call 'OpenMsgStore' failed with the following error: The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance. The MAPI provider failed. Microsoft Exchange Server Information Store ID no: 8004011d-0526-00000000 Which brings me back to the original virus - It seem to have attaced the mapi.exe and changed it to Imapi.exe - which ran the memory to 100% - this was happening on all machines infected with this virus
So I think it is tied to this. The symantec and mcafee scans quarenteened this file, so I am not sure if it has altered the maoi.exe service or whatever in exchange.
Can any one help me figure this out.
Thank you
|
Answer : Info store came un mounted after w32.Hllw.gaobot virus can't resmount
|
|
Closed, 500 points refunded. Netminder Site Admin
|
|
|
|
|