nt authority shutdown

[Guest]

every 2-3 minutes my computer shuts down with the error:

your computer is about to be shut down . this shut down is initiated by nt
authority
c:\windows\system32\isass.exe
status code 1073741819

what is causing this?....

thanks

 

[Massimo]

every 2-3 minutes my computer shuts down with the error:

your computer is about to be shut down . this shut down is initiated
by nt authority
c:\windows\system32\isass.exe
status code 1073741819

what is causing this?....

The Sasser worm.
Turn on your firewall (or install any one you like) and apply SP2 and any
subsequent patch.

Massimo

 

[Carey Frisch [MVP]]

Your computer has suffered a serious security breach
and you now have a well-known "worm" residing in
your PC.

What You Should Know About the Sasser Worm
http://www.microsoft.com/security/incident/sasser.mspx

Microsoft Windows Malicious Software Removal Tool
http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

3 Simple Steps to Help Ensure the Protection of Your PC
http://www.microsoft.com/athome/security/protect/default.aspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

----------------------------------------------------------------------------

:

| every 2-3 minutes my computer shuts down with the error:
|
| your computer is about to be shut down . this shut down is initiated by nt
| authority
| c:\windows\system32\isass.exe
| status code 1073741819
|
| what is causing this?....
|
| thanks

 

[Guest]

how did I get that virus?....the computer has never been on line and the ony
disk thats ever been in it is windows xp pro instalation disk............??

 

[Guest]

thanks Carey...........I downloaded the removal tool and it didnt find
anything......
.......next?.............

 

[Massimo]

how did I get that virus?....the computer has never been on line

Are you sure?
The worm can install itself automatically through any network connection, if
it finds an unpatched machine. Either you caught it from an Internet
connection, or from a LAN one.
If the removal tool doesn't find anything, then the worm isn't running on
your computer, but it simply crashed LSASS.EXE when tried to attack your
computer. Any firewall (even the built-in one) will be a good workaround
until you do a full Windows Update.

Massimo

 

[David H. Lipman]

Install SP2 and *all* Critical Updates ASAP !

Please perform the following...

Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/

1) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode and shutdown as many applications as possible
3) Using McAfee Stinger, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
6) Reboot your PC.
7) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html





| thanks Carey...........I downloaded the removal tool and it didnt find
| anything......
| ......next?.............

 

[Bruce Chambers]

every 2-3 minutes my computer shuts down with the error:

your computer is about to be shut down . this shut down is initiated by nt
authority
c:\windows\system32\isass.exe
status code 1073741819

what is causing this?....

thanks

You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH