Added RAM got virus/worm??

mikep

This is yet another case of the computer shutting itself down and then
restarting. The symptoms are similar but not identical to what others have
reported as being associated with a worm/virus. However there are I think a
couple of twists. The first is that the problem started right after I
installed additional ram. The second is that I always run up to date
antivirus software (Norton) and keep my operating system updated, so would
have expected to be protected. I apologise for the long post, but didn't
feel I could explain the issue with fewer words. Any advice would be
appreciated.

Mike P.

Sequence of events:

1. Last night I installed additional ram (512MB) bringing the total to 768
on one of the 3 machines on my home network.

2. The initial boot of the machine did not go well. The changed memory was
recognized but then the machine wanted to start in safe mode. It did, but
was not stable so I shut down and reseated the memory module. Then restarted
and all appeared well.

3. Shortly thereafter my son was surfing the net and the machine shut down
and restarted for no evident reason and without warning.

4. On restart I ran a virus scan - reported clean.

5. No further sign of trouble until this morning; the machine was idling and
shut itself down and restarted.

6. When I investigated the machine I found an error window stating there was
a problem with lsass.exe, something about error code 128, something about
unable to write an instruction and was counting down to restart. (Which it
did before I had a chance to copy the complete message)

7. I got worried and took out the new ram module and replaced the old ram
module (now back to total of 512MB).

8. Things seemed normal, then I got email addressed to me that appears to be
from my ISP's mail server with the subject line "MAILER-DAEMON Returned
mail: User unknown".

The body of the email includes an email addressed to somebody in my address
book that I did not send an email to. It also contains the line
"Received-From-MTA: DNS; dgw18l31". This is the name of one of the computers
on my home network, I don't know how this information could have gotten on
this email message.

Also and I think rather odd, the message says "Arrival-Date: Thu, 30 May
2002" (it was received today 22 Nov 2003).

10. I've checked all three computers following the instructions on
Symantec's website and for additional safety ran Trend's Housecall as well -
all clean. Norton Internet Security and WindowsXP are current on all 3
machines.

11. I have had no further problems all day, however am concerned about this
odd behaviour. I've researched as much as I can, it seems obvious this
behaviour is consistent with a worm, and have tried a number of the
suggestions in this newsgroup. So far I've found no further evidence of
infection.
 
Mad Max

"mikep",
Go to the following and familiarize yourself with the rules. Only after
doing so, then post and describe your problem. Then wait for a reply and
follow the instructions to the letter. If necessary print a hard copy to be
sure you do it all.
http://forums.spywareinfo.com/index.php?

These folks are very good with these types of problems. Good luck.

Mad Max
 
john

"MAILER-DAEMON Returned mail: User unknown" is just an email sent from one of
the three machines to a fictitious address & was bounced.
First thing I'd do is check the clocks on the three machines to see if one
is set to 2002. At least you'll then know which machine has been active.
 
mikep

Thanks for the reply. I had similar thoughts, but.

The email was not addressed to a fictitious address.
All machines are set for today.

Mike P.
 
David

> This is yet another case of the computer shutting itself down and then
> restarting. The symptoms are similar but not identical to what others
> have reported as being associated with a worm/virus. However there are
> I think a couple of twists. The first is that the problem started
> right after I installed additional ram. The second is that I always
> run up to date antivirus software (Norton) and keep my operating
> system updated, so would have expected to be protected. I apologise
> for the long post, but didn't feel I could explain the issue with
> fewer words. Any advice would be appreciated.
>
> Mike P.
>
> Sequence of events:
>
> 1. Last night I installed additional ram (512MB) bringing the total to
> 768 on one of the 3 machines on my home network.
>
> 2. The initial boot of the machine did not go well. The changed memory
> was recognized but then the machine wanted to start in safe mode. It
> did, but was not stable so I shut down and reseated the memory module.
> Then restarted and all appeared well.
>
> 3. Shortly thereafter my son was surfing the net and the machine shut
> down and restarted for no evident reason and without warning.
>
> 4. On restart I ran a virus scan - reported clean.
>
> 5. No further sign of trouble until this morning; the machine was
> idling and shut itself down and restarted.
>
> 6. When I investigated the machine I found an error window stating
> there was a problem with lsass.exe, something about error code 128,
> something about unable to write an instruction and was counting down
> to restart. (Which it did before I had a chance to copy the complete
> message)
>
> 7. I got worried and took out the new ram module and replaced the old
> ram module (now back to total of 512MB).
>
> 8. Things seemed normal, then I got email addressed to me that appears
> to be from my ISP's mail server with the subject line "MAILER-DAEMON
> Returned mail: User unknown".
>
> The body of the email includes an email addressed to somebody in my
> address book that I did not send an email to. It also contains the
> line "Received-From-MTA: DNS; dgw18l31". This is the name of one of
> the computers on my home network, I don't know how this information
> could have gotten on this email message.
>
> Also and I think rather odd, the message says "Arrival-Date: Thu, 30
> May 2002" (it was received today 22 Nov 2003).
>
> 10. I've checked all three computers following the instructions on
> Symantec's website and for additional safety ran Trend's Housecall as
> well - all clean. Norton Internet Security and WindowsXP are current
> on all 3 machines.
>
> 11. I have had no further problems all day, however am concerned about
> this odd behaviour. I've researched as much as I can, it seems obvious
> this behaviour is consistent with a worm, and have tried a number of
> the suggestions in this newsgroup. So far I've found no further
> evidence of infection.

Someone with your address is infected with SWEN.A which will insert a
random address from an infected system's address book into the "From:"
field of the e-mail it sends out. In this case, it chose your address.
So, you got the bounced message. This does not mean you are infected
(unless you foolishly opened the attachment yourself).

--

David

Programmers write "Help Files" for a reason. Use them.

"Due to Viewer discretion...
Graphic violence is advised"

http://www.HeroicStories.com/
http://www.thisistrue.com/
 
Kent_dieGo

> 1. Last night I installed additional ram (512MB) bringing the total to 768
> on one of the 3 machines on my home network.

Having more than one RAM module often causes problems with many
motherboards. Experiment with BIOS settings and be sure to have latest BIOS.
Run Memtest86 to verify RAM performance.

-Kent
 
mikep

> Someone with your address is infected with SWEN.A which will insert a
> random address from an infected system's address book into the "From:"
> field of the e-mail it sends out. In this case, it chose your address.
> So, you got the bounced message. This does not mean you are infected
> (unless you foolishly opened the attachment yourself).


But the curious thing is how would the name of one of my computers
(dgw18l31) end up in the email message?

Mike P
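
The two lines quoted from the bounce in this thread (Received-From-MTA and Arrival-Date) are delivery status notification fields defined in RFC 3464, where Received-From-MTA names the host from which the reporting mail server received the message. The following is an added example, not written by anyone in the thread: it parses a constructed bounce with Python's standard email package and reports those fields. The host name dgw18l31 and the two calendar dates are from the thread; the addresses, the ISP host name and the times of day are assumptions.

```python
import email
from email import policy
from email.utils import parsedate_to_datetime

# Constructed bounce. Only the host name dgw18l31 and the two calendar dates
# come from the thread; addresses, ISP host and times of day are made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.isp.example
To: mike@isp.example
Subject: Returned mail: User unknown
Date: Sat, 22 Nov 2003 10:15:00 -0500
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.isp.example
Received-From-MTA: DNS; dgw18l31
Arrival-Date: Thu, 30 May 2002 09:00:00 -0500

Final-Recipient: RFC822; friend@elsewhere.example
Status: 5.1.1

--b1--
"""

def dsn_fields(raw):
    """Collect the delivery-status fields of a bounce (lower-cased names)."""
    msg = email.message_from_string(raw, policy=policy.default)
    fields = {"bounce-date": msg["Date"].datetime}
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():  # per-message, then per-recipient
                for name, value in block.items():
                    fields.setdefault(name.lower(), str(value).strip())
    return fields

def triage(raw, my_hosts):
    """Report which host handed the mail over and how old it was when bounced."""
    f = dsn_fields(raw)
    host = f.get("received-from-mta", "").partition(";")[2].strip()
    arrival = parsedate_to_datetime(f["arrival-date"])
    return {
        "received_from": host,
        "is_my_host": host.lower() in {h.lower() for h in my_hosts},
        "recipient": f.get("final-recipient", "").partition(";")[2].strip(),
        "days_from_arrival_to_bounce": (f["bounce-date"] - arrival).days,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_BOUNCE, ["dgw18l31"]))
```
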
 
