N T Authority\ System shutdown on Windows XP

  • Thread starter Macdonald Residence
  • Start date
M

Macdonald Residence

Recently purchased Windows XP and installed on a used
computer I purchased. Just about every time I connect to
the web within minutes a window opens with the message NT
Authority\ system. "System shutdown initiated by NT
Authority" Remote proceedure Call RPC service. The
computer proceeds to shut down. I don't have a clue about
this problem, any help out there. Thanks Don
 
P

Phil \(a.k.a. purplehaz\)

Always run a firewall and anti-virus programs on your computer at all times.



You are infected with the Blaster worm virus.



To stop the rebooting/shutdowns, right click on the task bar, choose task
manager, processes tab, look for msblast.exe. Highlight it and click end
process. Then turn on the xp firewall.

To turn on the firewall: control panel, network and internet connections,
network connections, right click your connection, properties, advanced tab,
check the protect my computer box. Do this as quickly as you can once the
desktop comes up. Then visit the sites below for the removal and patch info.

Symantec: removal info and removal tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Also make sure to follow the links to the Microsoft pages for the patch or
visit windows update for the patch after you remove it.

http://support.microsoft.com/?kbid=823980

http://www.microsoft.com/security/incident/blast.asp
 
G

Gordon

Macdonald Residence said:
Recently purchased Windows XP and installed on a used
computer I purchased. Just about every time I connect to
the web within minutes a window opens with the message NT
Authority\ system. "System shutdown initiated by NT
Authority" Remote proceedure Call RPC service. The
computer proceeds to shut down. I don't have a clue about
this problem, any help out there. Thanks Don
Click to expand...

if you click on "Search" and type in "rpc" in the Subject you will find at
LEAST 16 posts about this in the last couple of weeks.

Did we try that before posting? No.
 
M

mdshaffer

-----Original Message-----
Recently purchased Windows XP and installed on a used
computer I purchased. Just about every time I connect to
the web within minutes a window opens with the message NT
Authority\ system. "System shutdown initiated by NT
Authority" Remote proceedure Call RPC service. The
computer proceeds to shut down. I don't have a clue about
this problem, any help out there. Thanks Don
.
Click to expand...
 
C

Chuck

Recently purchased Windows XP and installed on a used
computer I purchased. Just about every time I connect to
the web within minutes a window opens with the message NT
Authority\ system. "System shutdown initiated by NT
Authority" Remote proceedure Call RPC service. The
computer proceeds to shut down. I don't have a clue about
this problem, any help out there. Thanks Don
Click to expand...

Don,

Apparently, your computer is now infected with the W32.Blaster.Worm or one of
its variants. This happened because you have not been using an internet
connection firewall and have apparently neglected to install the critical
updates available from Microsoft.

If your computer is constantly attempting to shutdown or reboot:
Start - Run, type "shutdown -a", and hit Enter.
That should halt the reboot. Now fix the problem.

Immediately turn-on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/

What You Should Know About the Blaster Worm:
<http://www.microsoft.com/security/incident/blast.asp>
<http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html>

And about the Welchia worm:
<http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html>

Download and install Security patch KB824146, available here:
http://support.microsoft.com/?kbid=824146#WinXP

Download and run the Blaster and Welchia worm removal tool (Windows 2K/XP):
<http://support.microsoft.com/default.aspx?scid=833330>

A security issue has been identified that could allow an attacker to
remotely compromise a computer running Microsoft Windows and
gain complete control over it. You can help protect your computer
by installing this update from Microsoft.
<http://www.microsoft.com/downloads/...6C-C5B6-44AC-9532-3DE40F69C074&displaylang=en>

A special note if you use AOL:

America Online installs its own connection settings that override
the ones that come with Windows XP. America Online's
connection settings don't include a way to turn on Windows XP's
built-in firewall.

Visit the following web site for instructions on downloading
a FREE firewall program for your computer.

Ref: http://www.updatexp.com/free.html

And please learn to munge your email address properly, to keep yourself a bit
safer when posting to open forums. Protect yourself and the rest of the
internet - never post your address unmunged.
<http://www.mailmsg.com/SPAM_munging.htm>

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
 
M

Marc Reynolds [MSFT]

B

Bruce Chambers

Greetings --

If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB824146 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Remote Procedure Call (RPC) service is terminated Unexpectedly 8
NT AUTHORITY\SYSTEM error 5
System Shutdown NT Authority 1
NT Authority/System 2
N T Authority System 1
NT Authority Error 3
N T Authority System 3
XP Pro keeps shutting down 2

Top