nt authority system

G

Guest

I have installed lavasoft adware. Wwhen I run for the first time the
computer then shuts down, which has been authorised by NT authority system.
The actual error message is:
WINDOWS MUST NOW RESTART BECAUSE THE DCOM SERVER PROCESS LAUNCHER SERVICE
TERMINATED UNEXPECTEDLY.

Everthing else appears to be okay.
 
C

Carey Frisch [MVP]

Visit http://www.lavasoftsupport.com/index.php?showtopic=55803

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

----------------------------------------------------------------------------

:

| I have installed lavasoft adware. Wwhen I run for the first time the
| computer then shuts down, which has been authorised by NT authority system.
| The actual error message is:
| WINDOWS MUST NOW RESTART BECAUSE THE DCOM SERVER PROCESS LAUNCHER SERVICE
| TERMINATED UNEXPECTEDLY.
|
| Everthing else appears to be okay.
 
D

David H. Lipman

That means you are infected with non-viral malware. It is a self preservation scheme that
when you execute Adaware, the malware will shutdown the PC such that you don't get a chance
to remove it. I think that is pretty smart and I have run accross it a couple of times it
is certainly PITA !

However, you CAN overcome this self preservation attempt.

When you execute Adaware and you get the shutdown message, go to..

Start --> run
and type

shutdown -a

then hit the enter key. That should stop the shutdown sequence and allow you to clean the
system. The following is a set of instructions I suggest to help make that cleaning process
be effective as possible. Ignore the section about downloading Adaware unless you don't
have Adaware SE v1.05.

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt345.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shutdown as many applications as possible
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results ! * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html




| I have installed lavasoft adware. Wwhen I run for the first time the
| computer then shuts down, which has been authorised by NT authority system.
| The actual error message is:
| WINDOWS MUST NOW RESTART BECAUSE THE DCOM SERVER PROCESS LAUNCHER SERVICE
| TERMINATED UNEXPECTEDLY.
|
| Everthing else appears to be okay.
 
G

Guest

David,

i have follwed points 1-3 below; however have stumbled at point 4.

How do you reboot the computer into safe mode.

Also once i run the various programmes how do i know what to delete and what
not to delete ?

Any advice would be appreciated.

thanks

lozliz
 
D

David H. Lipman

WinXP Boot into Safe Mode --
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx

How to perform a Clean Boot of WinXP --
http://support.microsoft.com/kb/310353

Generic Trojan, Spyware removal information --
http://www.claymania.com/removal-trojan-adware.html

Trend will automatically deleted viruses, worms and/or Trojans. Adaware will provide you
what it finds. You will have to check the box of the items it finds for it to clean those
items selected.
--
Dave




| David,
|
| i have follwed points 1-3 below; however have stumbled at point 4.
|
| How do you reboot the computer into safe mode.
|
| Also once i run the various programmes how do i know what to delete and what
| not to delete ?
|
| Any advice would be appreciated.
|
| thanks
|
| lozliz
|
| "David H. Lipman" wrote:
|
| > That means you are infected with non-viral malware. It is a self preservation scheme
that
| > when you execute Adaware, the malware will shutdown the PC such that you don't get a
chance
| > to remove it. I think that is pretty smart and I have run accross it a couple of times
it
| > is certainly PITA !
| >
| > However, you CAN overcome this self preservation attempt.
| >
| > When you execute Adaware and you get the shutdown message, go to..
| >
| > Start --> run
| > and type
| >
| > shutdown -a
| >
| > then hit the enter key. That should stop the shutdown sequence and allow you to clean
the
| > system. The following is a set of instructions I suggest to help make that cleaning
process
| > be effective as possible. Ignore the section about downloading Adaware unless you don't
| > have Adaware SE v1.05.
| >
| > 1) Download the following three items...
| >
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
| > Latest Trend Pattern File.
| > http://www.trendmicro.com/download/pattern.asp
| >
| > Adaware SE (free personal version v1.05)
| > http://www.lavasoftusa.com/
| >
| > Create a directory.
| > On drive "C:\"
| > (e.g., "c:\New Folder")
| > or the desktop
| > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| >
| > Download Sysclean.com and place it in that directory.
| > Download the Trend Pattern File by obtaining the ZIP file.
| > For example; lpt345.zip
| >
| > Extract the contents of the ZIP file and place the contents in the same directory as
| > sysclean.com.
| >
| > 2) Update Adaware with the latest definitions.
| > 3) Disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
| > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
| > platform and clean/delete any infectors/parasites found.
| > (a few cycles may be needed)
| > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
| > Trend Sysclean utility and Adaware
| > 7) Re-enable System Restore and re-apply any System Restore preferences,
| > (e.g. HD space to use suggested 400 ~ 600MB),
| > 8) Reboot your PC.
| > 9) Create a new Restore point
| >
| >
| > * * * Please report your results ! * * *
| >
| >
| >
| > --
| > Dave
| > http://www.claymania.com/removal-trojan-adware.html
| >
| >
| >
| >
| > | > | I have installed lavasoft adware. Wwhen I run for the first time the
| > | computer then shuts down, which has been authorised by NT authority system.
| > | The actual error message is:
| > | WINDOWS MUST NOW RESTART BECAUSE THE DCOM SERVER PROCESS LAUNCHER SERVICE
| > | TERMINATED UNEXPECTEDLY.
| > |
| > | Everthing else appears to be okay.
| >
| >
| >
 
G

Guest

Dave,

I have completed 2 runs of trends sysclean, ad-ware & McAfee stinger twice
in safe mode. I have then run all three once in normal mode.
Ad Aware now runs without shutting down XP. It does identify about 200
items, which fall into the following categories.

Windupdates: 5 objects

Bargin Buddy: 90 objects

BlazeFind: 1 object

SahAgent: 30 objects

Search Relevancy: 13 objects

180 solutions: 45 objects

Radsol.Quadrogram: 1 object

Other: 7 objects

Are they all safe to delete? Any help would be appreciated.

Thanks

Lozliz
 
B

Bruce Chambers

lozliz said:
Dave,

I have completed 2 runs of trends sysclean, ad-ware & McAfee stinger twice
in safe mode. I have then run all three once in normal mode.
Ad Aware now runs without shutting down XP. It does identify about 200
items, which fall into the following categories.

Windupdates: 5 objects
Click to expand...

Sunbelt Spyware Research Center
http://research.sunbelt-software.com/threat_display.cfm?name=WindUpdates
Bargin Buddy: 90 objects
Click to expand...

Symantec Security Response - Adware.BargainBuddy
http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html
BlazeFind: 1 object
Click to expand...

Symantec Security Response - Adware.BlazeFind
http://sarc.com/avcenter/venc/data/adware.blazefind.html
SahAgent: 30 objects
Click to expand...

Symantec Security Response - Adware.SAHAgent
http://sarc.com/avcenter/venc/data/adware.sahagent.html
Search Relevancy: 13 objects
Click to expand...

Symantec Security Response - Spyware.Relevancy
http://securityresponse.symantec.com/avcenter/venc/data/spyware.relevancy.html
180 solutions: 45 objects
Click to expand...

PC Hell: How to Remove Ncase from 180 Solutions
http://www.pchell.com/support/ncase.shtml
Radsol.Quadrogram: 1 object
Click to expand...

eTrust PestPatrol Pest Encyclopedia - Rads01.Quadrogram
http://www.pestpatrol.com/PestInfo/r/rads01_quadrogram.asp
Other: 7 objects

Are they all safe to delete? Any help would be appreciated.
Click to expand...

Wow! Do you collect spyware for a hobby? ;-} Yes, it's not only
safe, but highly advisable, for you to delete most of those. The "other"
category is too vague and a bit puzzling, though; leave those alone and
provide some specific details about them, if you can.

Then, you might want to learn a little bit about practicing "safe hex."

Neither adware nor spyware, collectively known as scumware,
magically install themselves on anyone's computer. They are almost
always deliberately installed by the computer's user, as part of some
allegedly "free" service or product.

While there are some unscrupulous malware distributors out there,
who do attempt to install and exploit malware without consent, the
majority of them simply rely upon the intellectual laziness and
gullibility of the average consumer, counting on them to quickly click
past the EULA in his/her haste to get the latest in "free" cutesy
cursors, screensavers, "utilities," and/or wallpapers.

If you were to read the EULAs that accompany, and to which the
computer user must agree before the download/installation of the
"screensaver" continues, most adware and spyware, you'll find that
they _do_ have the consumer's permission to do exactly what they're
doing. In the overwhelming majority of cases, computer users have no
one to blame but themselves.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, all-too-often, the computer
user. No software manufacturer can -- nor should they be expected to --
protect the computer user from him/herself. All too many people have
bought into the various PC/software manufacturers marketing claims of
easy computing. They believe that their computer should be no harder to
use than a toaster oven; they have neither the inclination or desire to
learn how to safely use their computer. All too few people keep their
antivirus software current, install patches in a timely manner, or stop
to really think about that cutesy link they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and every
computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/

The Parasite Fight
http://www.aumha.org/a/parasite.htm

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
D

David H. Lipman

Bruce has provided pertinent information.
All I can say is "dump them all !"

--
Dave




| Dave,
|
| I have completed 2 runs of trends sysclean, ad-ware & McAfee stinger twice
| in safe mode. I have then run all three once in normal mode.
| Ad Aware now runs without shutting down XP. It does identify about 200
| items, which fall into the following categories.
|
| Windupdates: 5 objects
|
| Bargin Buddy: 90 objects
|
| BlazeFind: 1 object
|
| SahAgent: 30 objects
|
| Search Relevancy: 13 objects
|
| 180 solutions: 45 objects
|
| Radsol.Quadrogram: 1 object
|
| Other: 7 objects
|
| Are they all safe to delete? Any help would be appreciated.
|
| Thanks
|
| Lozliz
|
|
| "David H. Lipman" wrote:
|
| > WinXP Boot into Safe Mode --
| >
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx
| >
| > How to perform a Clean Boot of WinXP --
| > http://support.microsoft.com/kb/310353
| >
| > Generic Trojan, Spyware removal information --
| > http://www.claymania.com/removal-trojan-adware.html
| >
| > Trend will automatically deleted viruses, worms and/or Trojans. Adaware will provide
you
| > what it finds. You will have to check the box of the items it finds for it to clean
those
| > items selected.
| > --
| > Dave
| >
| >
| >
| >
| > | > | David,
| > |
| > | i have follwed points 1-3 below; however have stumbled at point 4.
| > |
| > | How do you reboot the computer into safe mode.
| > |
| > | Also once i run the various programmes how do i know what to delete and what
| > | not to delete ?
| > |
| > | Any advice would be appreciated.
| > |
| > | thanks
| > |
| > | lozliz
| > |
| > | "David H. Lipman" wrote:
| > |
| > | > That means you are infected with non-viral malware. It is a self preservation
scheme
| > that
| > | > when you execute Adaware, the malware will shutdown the PC such that you don't get a
| > chance
| > | > to remove it. I think that is pretty smart and I have run accross it a couple of
times
| > it
| > | > is certainly PITA !
| > | >
| > | > However, you CAN overcome this self preservation attempt.
| > | >
| > | > When you execute Adaware and you get the shutdown message, go to..
| > | >
| > | > Start --> run
| > | > and type
| > | >
| > | > shutdown -a
| > | >
| > | > then hit the enter key. That should stop the shutdown sequence and allow you to
clean
| > the
| > | > system. The following is a set of instructions I suggest to help make that cleaning
| > process
| > | > be effective as possible. Ignore the section about downloading Adaware unless you
don't
| > | > have Adaware SE v1.05.
| > | >
| > | > 1) Download the following three items...
| > | >
| > | > Trend Sysclean Package
| > | > http://www.trendmicro.com/download/dcs.asp
| > | >
| > | > Latest Trend Pattern File.
| > | > http://www.trendmicro.com/download/pattern.asp
| > | >
| > | > Adaware SE (free personal version v1.05)
| > | > http://www.lavasoftusa.com/
| > | >
| > | > Create a directory.
| > | > On drive "C:\"
| > | > (e.g., "c:\New Folder")
| > | > or the desktop
| > | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| > | >
| > | > Download Sysclean.com and place it in that directory.
| > | > Download the Trend Pattern File by obtaining the ZIP file.
| > | > For example; lpt345.zip
| > | >
| > | > Extract the contents of the ZIP file and place the contents in the same directory as
| > | > sysclean.com.
| > | >
| > | > 2) Update Adaware with the latest definitions.
| > | > 3) Disable System Restore
| > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > | > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
| > | > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of
your
| > | > platform and clean/delete any infectors/parasites found.
| > | > (a few cycles may be needed)
| > | > 6) Restart your PC and perform a "final" Full Scan of your platform using both
the
| > | > Trend Sysclean utility and Adaware
| > | > 7) Re-enable System Restore and re-apply any System Restore preferences,
| > | > (e.g. HD space to use suggested 400 ~ 600MB),
| > | > 8) Reboot your PC.
| > | > 9) Create a new Restore point
| > | >
| > | >
| > | > * * * Please report your results ! * * *
| > | >
| > | >
| > | >
| > | > --
| > | > Dave
| > | > http://www.claymania.com/removal-trojan-adware.html
| > | >
| > | >
| > | >
| > | >
| > | > | > | > | I have installed lavasoft adware. Wwhen I run for the first time the
| > | > | computer then shuts down, which has been authorised by NT authority system.
| > | > | The actual error message is:
| > | > | WINDOWS MUST NOW RESTART BECAUSE THE DCOM SERVER PROCESS LAUNCHER SERVICE
| > | > | TERMINATED UNEXPECTEDLY.
| > | > |
| > | > | Everthing else appears to be okay.
| > | >
| > | >
| > | >
| >
| >
| >
 
G

Guest

Bruce,

Thanks for the info all items now deleted. "others" disappeared when i
deleted the other items.

I will now spend time reading the additional links you sent.

Thank you.

lozliz
 
B

Bruce Chambers

lozliz said:
Bruce,

Thanks for the info all items now deleted. "others" disappeared when i
deleted the other items.

I will now spend time reading the additional links you sent.

Thank you.

lozliz
Click to expand...

You're welcome.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
D

David H. Lipman

Anytime !

--
Dave




| Dave,
|
| All clean for the time being! Thanks for all your help.
|
| Lozliz
|
| "David H. Lipman" wrote:
|
| > Bruce has provided pertinent information.
| > All I can say is "dump them all !"
| >
| > --
| > Dave
| >
| >
| >
| >
| > | > | Dave,
| > |
| > | I have completed 2 runs of trends sysclean, ad-ware & McAfee stinger twice
| > | in safe mode. I have then run all three once in normal mode.
| > | Ad Aware now runs without shutting down XP. It does identify about 200
| > | items, which fall into the following categories.
| > |
| > | Windupdates: 5 objects
| > |
| > | Bargin Buddy: 90 objects
| > |
| > | BlazeFind: 1 object
| > |
| > | SahAgent: 30 objects
| > |
| > | Search Relevancy: 13 objects
| > |
| > | 180 solutions: 45 objects
| > |
| > | Radsol.Quadrogram: 1 object
| > |
| > | Other: 7 objects
| > |
| > | Are they all safe to delete? Any help would be appreciated.
| > |
| > | Thanks
| > |
| > | Lozliz
| > |
| > |
| > | "David H. Lipman" wrote:
| > |
| > | > WinXP Boot into Safe Mode --
| > | >
| >
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx
| > | >
| > | > How to perform a Clean Boot of WinXP --
| > | > http://support.microsoft.com/kb/310353
| > | >
| > | > Generic Trojan, Spyware removal information --
| > | > http://www.claymania.com/removal-trojan-adware.html
| > | >
| > | > Trend will automatically deleted viruses, worms and/or Trojans. Adaware will
provide
| > you
| > | > what it finds. You will have to check the box of the items it finds for it to clean
| > those
| > | > items selected.
| > | > --
| > | > Dave
| > | >
| > | >
| > | >
| > | >
| > | > | > | > | David,
| > | > |
| > | > | i have follwed points 1-3 below; however have stumbled at point 4.
| > | > |
| > | > | How do you reboot the computer into safe mode.
| > | > |
| > | > | Also once i run the various programmes how do i know what to delete and what
| > | > | not to delete ?
| > | > |
| > | > | Any advice would be appreciated.
| > | > |
| > | > | thanks
| > | > |
| > | > | lozliz
| > | > |
| > | > | "David H. Lipman" wrote:
| > | > |
| > | > | > That means you are infected with non-viral malware. It is a self preservation
| > scheme
| > | > that
| > | > | > when you execute Adaware, the malware will shutdown the PC such that you don't
get a
| > | > chance
| > | > | > to remove it. I think that is pretty smart and I have run accross it a couple
of
| > times
| > | > it
| > | > | > is certainly PITA !
| > | > | >
| > | > | > However, you CAN overcome this self preservation attempt.
| > | > | >
| > | > | > When you execute Adaware and you get the shutdown message, go to..
| > | > | >
| > | > | > Start --> run
| > | > | > and type
| > | > | >
| > | > | > shutdown -a
| > | > | >
| > | > | > then hit the enter key. That should stop the shutdown sequence and allow you to
| > clean
| > | > the
| > | > | > system. The following is a set of instructions I suggest to help make that
cleaning
| > | > process
| > | > | > be effective as possible. Ignore the section about downloading Adaware unless
you
| > don't
| > | > | > have Adaware SE v1.05.
| > | > | >
| > | > | > 1) Download the following three items...
| > | > | >
| > | > | > Trend Sysclean Package
| > | > | > http://www.trendmicro.com/download/dcs.asp
| > | > | >
| > | > | > Latest Trend Pattern File.
| > | > | > http://www.trendmicro.com/download/pattern.asp
| > | > | >
| > | > | > Adaware SE (free personal version v1.05)
| > | > | > http://www.lavasoftusa.com/
| > | > | >
| > | > | > Create a directory.
| > | > | > On drive "C:\"
| > | > | > (e.g., "c:\New Folder")
| > | > | > or the desktop
| > | > | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| > | > | >
| > | > | > Download Sysclean.com and place it in that directory.
| > | > | > Download the Trend Pattern File by obtaining the ZIP file.
| > | > | > For example; lpt345.zip
| > | > | >
| > | > | > Extract the contents of the ZIP file and place the contents in the same
directory as
| > | > | > sysclean.com.
| > | > | >
| > | > | > 2) Update Adaware with the latest definitions.
| > | > | > 3) Disable System Restore
| > | > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > | > | > 4) Reboot your PC into Safe Mode and shutdown as many applications as
possible
| > | > | > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of
| > your
| > | > | > platform and clean/delete any infectors/parasites found.
| > | > | > (a few cycles may be needed)
| > | > | > 6) Restart your PC and perform a "final" Full Scan of your platform using
both
| > the
| > | > | > Trend Sysclean utility and Adaware
| > | > | > 7) Re-enable System Restore and re-apply any System Restore preferences,
| > | > | > (e.g. HD space to use suggested 400 ~ 600MB),
| > | > | > 8) Reboot your PC.
| > | > | > 9) Create a new Restore point
| > | > | >
| > | > | >
| > | > | > * * * Please report your results ! * * *
| > | > | >
| > | > | >
| > | > | >
| > | > | > --
| > | > | > Dave
| > | > | > http://www.claymania.com/removal-trojan-adware.html
| > | > | >
| > | > | >
| > | > | >
| > | > | >
| > | > | > | > | > | > | I have installed lavasoft adware. Wwhen I run for the first time the
| > | > | > | computer then shuts down, which has been authorised by NT authority system.
| > | > | > | The actual error message is:
| > | > | > | WINDOWS MUST NOW RESTART BECAUSE THE DCOM SERVER PROCESS LAUNCHER SERVICE
| > | > | > | TERMINATED UNEXPECTEDLY.
| > | > | > |
| > | > | > | Everthing else appears to be okay.
| > | > | >
| > | > | >
| > | > | >
| > | >
| > | >
| > | >
| >
| >
| >
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

computer won't stay on 4
NT AUTHORITY/SYSTEM 5
Windows XP DCOM Restarts Computer in 60 seconds 1
NT Authority\System shutdown 3
this shutdown is initiated by NT Authority/System 4
Event Id 7031, Computer Reboots 1
lsass.exe terminates unexpectedly 7
Remote Proceedure Call 3

Top