NT Authority System Shutdown

[SC]

Recently shutdown sequences have initiated with "NT
Authority System Shutdown....in -- seconds".

I've already looked this up and the only solution applies
to Windows 2000, not XP Pro (which is what I'm running).

Any suggestions to fixing this...besides clicking
RUN "shutdown.exe -a" ? (When this "fix" is run, the
system stops the shutdown but then doesn't operate at 100%.

Answer to (e-mail address removed)

Thanks

 

[Bruce Chambers]

Greetings --

As you haven't provided any specific details or error messages,
the following is the result of having to guess what your problem might
be. There are at least two possibilities:

1) If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


2) You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[NoNoBadDog!]

Have you been off the planet for awhile? Have you never hear of either the
BLASTER or SASSER worms? Are you not using antivirus for a reason?

Bobby

 

[Star Fleet Admiral Q]

As Bruce said, sounds like your PC is sick - it's caught a nasty
virus.

 

[Enrique]

That PC has caught the Influenza!.. either the American or the German
Influenza!....

---------------Original Message------------
"Star Fleet Admiral Q"

 

[Star Fleet Admiral Q]

ROTFL!!!!!

 

[Teresa1221]

I know I'm replying in an old topic, but this is exactly whats bee
happening on my computer. I've run all the virus scans and wor
remover tools and it says none of them are being found. I have no ide
what happened, I had McAffee running, but I know that the "QoolAid" wor
(?) got on my computer and maybe that started everything downhill. Ca
anyone suggest any other worms to scan for in 2006? Thanks


-
Teresa122

 

[MowGreen [MVP]]

Teresa1221,

Boot to Safe Mode with Networking:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?

Get the latest definition files (update) for McAfee and then scan the
system from within Safe Mode.
If you still can get the malware removed suggest you post to one of
these reputable malware removal forums after first reading the
guidelines of the forum of your choice :

http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html
http://spywarewarrior.com/viewforum.php?f=2&sid=3ce3e4c9a40b25268d1bac3189d22184
http://forums.spywareinfo.com/index.php?showforum=44
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
http://forum.aumha.org/viewforum.php?f=30&sid=28b7de716b318feaf7b8d0b95dcd7ff0


MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============