NT AUTHORITY SYSTEM

Guest

Hi, my friend's computer has got major problems. The computer gets to the log
in screen, but after selecting a user, the computer gives my friend a message
that the computer has been shut down by NT AUTHORITY SYSTEM and will be
restarted (countdown in seconds). My friend also noticed the following pieces
of information on the same page:

NT AUTHORITY SYSTEM
1073741819
C;/WINDOWS/SYSTEM32/SERVICES.EXE

No programs have been installed recently. Has the computer got a virus?
(running NORTON).

What can I do to resolve this problem?

Regards and thanks in advance.
 
Carey Frisch [MVP]

How to remove the "Blaster Worm" from your computer:
http://www3.telus.net/dandemar/blaster.htm

[Courtesy of MS-MVP Jupiter Jones]

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

 
David H. Lipman

This sounds like the Sasser (not Blaster/Lovsan) Internet worm. McAfee's Stinger is an
excellent tool for cleaning both the Sasser and Blaster/Lovsan and I am suggesting an
additional broad-spectrum virus, worm and Trojan removal tool.

Cleaning the system is NOT enough. A FireWall (such as the built-in XP FireWall) must be
enabled and *all* Critical Updates *must* be installed or the person will just be
infected/shutdown again.

WinXP SP2 corrects the vulnerabilities that the above Internet worms exploit.

When the user gets the shutdown message, the following command can be used to stop the
shutdown process:

shutdown -a

Once entered, you can then clean and update the affected platform. If the PC is on
Broadband, I highly suggest a Cable/DSL Router as they act as simplistic or full hardware
FireWalls and will help protect against this and other events.

1) Download the following three items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt337.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode and shut down as many applications as possible
4) Using both the Trend Sysclean utility and Stinger, perform a Full Scan of your
platform and clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform using both.
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html




 
Ron Martell

Is the Norton antivirus a current version (2004 or 2005)?
And are the virus definition files fully up to date (not more than a
week old)?
And does the system have the Windows XP Service Pack 2 updates
installed?

If the answers to the above questions are no then the problem is most
likely Blaster or Sasser as described in the other replies.

If the answers to all of the above questions are yes then there is some
other problem involved and we need more details about the actual error
message, preferably the complete *verbatim* text including all of the
parameters.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."
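
Why the verbatim parameters requested above matter, as an added example that is not part of any poster's reply: the number in the shutdown dialog decodes as a 32-bit NTSTATUS value, and its sign changes the result completely. The sketch assumes the number quoted in the original post is the process status code and that a minus sign may have been lost in transcription; the name table is a small subset of ntstatus.h and the sample text is constructed from the values in the post.

```python
import re

# Small subset of well-known NTSTATUS values (names as in ntstatus.h).
KNOWN = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000008: "STATUS_INVALID_HANDLE",
    0xC0000017: "STATUS_NO_MEMORY",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
SEVERITY = ("success", "informational", "warning", "error")

# Constructed sample: the three values as typed in the original post.
SAMPLE = "NT AUTHORITY SYSTEM\n1073741819\nC;/WINDOWS/SYSTEM32/SERVICES.EXE"


def decode(value):
    """Split a signed or unsigned 32-bit status value into NTSTATUS fields."""
    raw = value & 0xFFFFFFFF  # two's complement -> unsigned 32-bit
    return {
        "hex": f"0x{raw:08X}",
        "severity": SEVERITY[raw >> 30],        # bits 31-30
        "customer": bool(raw & 0x20000000),     # bit 29, set for non-Microsoft codes
        "facility": (raw >> 16) & 0x0FFF,       # bits 27-16
        "code": raw & 0xFFFF,                   # bits 15-0
        "name": KNOWN.get(raw),
    }


def triage(text):
    """Decode every decimal status value found in dialog text, both as written
    and, for positive values, negated in case the minus sign was dropped."""
    results = []
    for match in re.finditer(r"(?<!\w)-?\d{6,10}\b", text):
        value = int(match.group())
        if not -0x80000000 <= value <= 0xFFFFFFFF:
            continue  # does not fit in 32 bits, so not a status code
        results.append(("as written", decode(value)))
        if value > 0:
            results.append(("minus sign restored", decode(-value)))
    return results


if __name__ == "__main__":
    for note, fields in triage(SAMPLE):
        print(f"{note:20} {fields}")
```

As written, the value decodes to 0x3FFFFFFB, which matches no known status; with the sign restored it is 0xC0000005, STATUS_ACCESS_VIOLATION, meaning the named process crashed on an invalid memory access.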
 
Bruce Chambers

Your friend has apparently contracted the latest worm,
W32.Sasser.Worm, specifically designed to attack people who do not
update their computers promptly and who do not practice "safe hex." In
other words, like Blaster, this worm was developed and distributed
_after_ a patch for the vulnerability was announced and made publicly
available. Further, and also like Blaster, this worm could not affect
any computer whose user had taken the basic precaution of using a
properly configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
