"NT Authority/System" error

G

Guest

I have run XP Pro for some time on this computer with
very little trouble. I have just now tried to update to a
new HDD (WD Caviar SE 160GB). Through XP I copied every
directory and all the files it would (except for hidden,
read only and or in use by XP - including security logs,
etc.)
XP setup did not appriciate my effort, and deleted most
everything in the windows directory as well as in My
Documents, and did a new complete install, and it has
been activated, but not reregistered as I had already
registered this copy of XP.
Now the problem. I cannot go to Windows Update on the net
without the system shutting down shortly after the file
downloading starts on 16 critical updates. It always
states that the "NT Authority/System" (there might be
a "\" instead of a "/") is shutting the system down and
gives 60 seconds to save any work in progress. It claims
that there was a Remote Procedure Call(RPC)and the
service was terminated unexpectedly.

What is the problem? and how can it be fixed?
 
C

Carey Frisch [MVP]

Apparently, your PC is infected with the "Blaster Worm". Use the following
tools to remove it, then promptly update your PC with the Critical Updates
available form the Windows Update website.

If your computer is constantly attempting to shutdown
or reboot, quickly go to:

Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.

Then type: shutdown -a , and hit enter.

This should halt the rebooting problem.

------------------------------------------------------------------

Then immediately turn-on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/

Special note if you use AOL:

America Online installs its own connection settings that override
the ones that come with Windows XP. America Online's
connection settings don't include a way to turn on Windows XP's
built-in firewall.

Visit the following web site for instructions on downloading
a FREE firewall program for your computer.

Ref: http://www.updatexp.com/free.html

A tool is available to remove Blaster worm and Nachi worm infections from computers
that are running Windows 2000 or Windows XP
http://support.microsoft.com/?kbid=833330

What You Should Know About the Blaster Worm and Its Variants
http://www.microsoft.com/security/incident/blast.asp

3 Steps to Help Ensure your PC is Protected
http://www.microsoft.com/security/protect/

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

----------------------------------------------------------------------------


|I have run XP Pro for some time on this computer with
| very little trouble. I have just now tried to update to a
| new HDD (WD Caviar SE 160GB). Through XP I copied every
| directory and all the files it would (except for hidden,
| read only and or in use by XP - including security logs,
| etc.)
| XP setup did not appriciate my effort, and deleted most
| everything in the windows directory as well as in My
| Documents, and did a new complete install, and it has
| been activated, but not reregistered as I had already
| registered this copy of XP.
| Now the problem. I cannot go to Windows Update on the net
| without the system shutting down shortly after the file
| downloading starts on 16 critical updates. It always
| states that the "NT Authority/System" (there might be
| a "\" instead of a "/") is shutting the system down and
| gives 60 seconds to save any work in progress. It claims
| that there was a Remote Procedure Call(RPC)and the
| service was terminated unexpectedly.
|
| What is the problem? and how can it be fixed?
 
B

Bruce Chambers

Greetings --

If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB824146 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

NT Authority System Shutdown 1
NT Authority 2
Windows xp "System Shutdown" message 3
Nt Authority\System shuts off computer HELP 2
NT Authority/System 2
NT Authority system 1
NT authority\System 2
nt authority system shutdown 4

Top