This sounds awfully suspicious. Do you have a good backup of the volume in question?
Without knowing any more, and assuming I had a good backup, I'd try a simple reboot first. If that failed to correct the problem(s) I'd look to begin some serious malware / rootkit detection from multiple vendors. Just for giggles, what happens if you download the newest versions of the pstools to a brand new location? Can you run them from there? On Mon, Jun 7, 2010 at 7:56 PM, Mike Gill <[email protected]>wrote: > Wow, I opened a can of worms. In looking into an issue on my Win2K3 file > server, I found that I can’t run a certain application from the command line > that I can from Explorer. It exists in the Program Files folder and I’m > logged in as Administrator. The error message on the command line simply > says Access Denied. Procmon shows the event, and declares the following > results on the exe: Name Invalid, Invalid Parameter, Fast IO Disallowed, > Buffer Overflow. This runs from the GUI just fine, so I don’t think the > problem is with the exe. > > > > The next part (no idea if it’s related), is I tried running some other > commands in diagnosing the above dilemma that also don’t work. A few, but > not all of the Sysinternal PS utils don’t work. What’s more, is when I right > click and choose properties of one of the psutils that doesn’t work, the > security tab it non-existant. I can’t delete/move/rename the file either. > I’ve tried takeown, icacls, nothing let’s me do anything with it. One thing > that’s different fro the first issue is I can’t run them from the gui. Says > I don’t have permission either way. > > > > Chkdsk shows no errors. AV scans who no problems. The security tab is > visible on other items, just not the ones I’ve discovered so far with this > problem. The PS utils that don’t work, do work when run from another folder. > CMD.exe appears identical to same file on another server. In a few minutes I > will be able to take the server down as people go home. Then I can try an > offline delete. Any thoughts? Never seen this before. > > > > -- > Mike Gill > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
