NT Auth/Security shutting down

J

James

The following appears in my event log. This usually
happens when online and is followed by another message
(shown further down) and then the PC restarts after a
countdown from 1 minute.?

AMLI: ACPI BIOS is attempting to read from an illegal IO
port address (0x71), which lies in the 0x70 - 0x71
protected address range. This could lead to system
instability. Please contact your system vendor for
technical assistance.


The COM+ Event System detected a bad return code during
its internal processing. HRESULT was 800706BA from line
44 of d:\nt\com\com1x\src\events\tier1
\eventsystemobj.cpp. Please contact Microsoft Product
Support Services to report this error.
 
R

Rick \Nutcase\ Rogers

Hi James,

When the shutdown warning appears, click start/run and enter "shutdown -a"
to halt the process. It's a virus called blaster or lovesan. Information:

http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.pchell.com/virus/msblast.shtml
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342

You need the patch described here to protect against it:

MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146

Problem is, you needed to install the patch BEFORE you got infected to avoid
it.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone
 
M

Michael Solomon \(MS-MVP Windows Shell/User\)

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top