System is shuttng down NT authority 60 seconds

I was upgrading a system and used my back up drive with
windows2000 fresh, no upgrades, no antivirus

I put it into the target computer and it boots up fine but
gets the message some file caused a shutdown and it will
shut down in 60 seconds. no command can stop it.

I figured something is hosed in the setup, so I deleted
the partition, resized it, put the brand new winXP CD in
there, let it format, install, now ? hours later its
finally going.

the network was connect the entire time and Ive got DSL

as its coming online? it gets microsoft crash notices,
send error report? yes. then it gets the SAME ERROR
MESSAGE, shutting down in 60 seconds, NT authority
something

I disconnected the network and now it hasnt happened for
10 minutes.

how do I connect to the internet if its going to shut me
down? Ive got the Verizon dsl install CD, so maybe it has
some new firewall thing??

is the shutdown thing some script? what is it exactly,
and how do I track down the culprit?? thanks

Similar to a post further down, as you are coming on line, it sounds like
you are being affected by the Sassar exploit, have a read of the following
site:

(Coutesy of Juptier Jones MVP)

http://www3.telus.net/dandemar/sasser.htm

Regards

Mike Bright MCP, MSP

e:mike.bright@brightweb.co.uk

Greetings --

As you haven't provided any specific details or error messages,
the following is the result of having to guess what your problem might
be. There are at least two possibilities:

1) If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/defaul...kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/ve...aster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/ve...moval.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.co...lchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/ve...moval.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


2) You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/se...n/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/ve...asser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/defaul...kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.co...moval.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH


"Brad R" <anonymous@discussions.microsoft.com> wrote in message
news:0e0801c484e0$7d4ff7b0$a301280a@phx.gbl...
>I was upgrading a system and used my back up drive with
> windows2000 fresh, no upgrades, no antivirus
>
> I put it into the target computer and it boots up fine but
> gets the message some file caused a shutdown and it will
> shut down in 60 seconds. no command can stop it.
>
> I figured something is hosed in the setup, so I deleted
> the partition, resized it, put the brand new winXP CD in
> there, let it format, install, now ? hours later its
> finally going.
>
> the network was connect the entire time and Ive got DSL
>
> as its coming online? it gets microsoft crash notices,
> send error report? yes. then it gets the SAME ERROR
> MESSAGE, shutting down in 60 seconds, NT authority
> something
>
> I disconnected the network and now it hasnt happened for
> 10 minutes.
>
> how do I connect to the internet if its going to shut me
> down? Ive got the Verizon dsl install CD, so maybe it has
> some new firewall thing??
>
> is the shutdown thing some script? what is it exactly,
> and how do I track down the culprit?? thanks