services.exe terminated unexpectedly with status code

vwoz

I have a system that occasionally gets this error message: services.exe
terminated unexpectedly status code 1073741819 and will shut down computer in
45 seconds. I've done some research and can only find data on this code for
Win2K or NT 4.0. Any ideas on what to look for would be appreciated. I have
cleaned several viruses from this system although it was doing this before I
removed the viruses. I have also noticed that PC-Cillin Internet Security
firewall prompts me with suspicious activity from components and services. I
have tried to block the activity and this seems to prompt this error more
frequently. If I allow the activity I don't get the error every time I boot.
Looking at the settings in the firewall, there are no ports or IP addresses
listed for the activity, but they are all outgoing.
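
Added example (not part of any poster's message): Windows normally prints this status as a signed 32-bit decimal, and -1073741819 is 0xC0000005, STATUS_ACCESS_VIOLATION, while the post above gives the number without a sign. The sketch below decodes both readings; the function names and the small name table are assumptions of the example, not a full ntstatus.h listing.

```python
"""Decode an NTSTATUS value as it appears in Windows shutdown/event messages."""

# Small subset of well-known NTSTATUS names (not the full ntstatus.h table).
KNOWN = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
SEVERITY = ("success", "informational", "warning", "error")


def decode_ntstatus(value):
    """Split a signed or unsigned 32-bit decimal into NTSTATUS fields."""
    if not -(1 << 31) <= value < (1 << 32):
        raise ValueError("not a 32-bit value: %r" % value)
    raw = value & 0xFFFFFFFF  # two's complement: -1073741819 -> 0xC0000005
    return {
        "hex": "0x%08X" % raw,
        "severity": SEVERITY[raw >> 30],      # bits 31-30
        "customer": bool(raw & (1 << 29)),    # bit 29: set for non-Microsoft codes
        "facility": (raw >> 16) & 0x0FFF,     # bits 27-16
        "code": raw & 0xFFFF,                 # bits 15-0
        "name": KNOWN.get(raw),
    }


def interpret(text):
    """Decode a status string copied from a dialog, forum post or event record.

    If the literal value has no known name but its negation does, the minus
    sign was probably lost in transcription; that reading is reported separately.
    """
    value = int(text.strip(), 0)  # accepts decimal or 0x-prefixed hex
    result = decode_ntstatus(value)
    result["sign_dropped_reading"] = None
    if result["name"] is None and 0 < value < (1 << 31):
        alt = decode_ntstatus(-value)
        if alt["name"]:
            result["sign_dropped_reading"] = alt
    return result


if __name__ == "__main__":
    for sample in ("-1073741819", "1073741819", "0xC0000409"):  # constructed inputs
        print(sample, interpret(sample))
```

An access violation inside services.exe only says that the process faulted; it does not identify which module or injected code caused the fault.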
 
David H. Lipman

From: "vwoz" <[email protected]>

| I have a system that occasionally gets this error message: services.exe
| terminated unexpectedly status code 1073741819 and will shut down computer in
| 45 seconds. I've done some research and can only find data on this code for
| Win2K or NT 4.0. Any ideas on what to look for would be appreciated. I have
| cleaned several viruses from this system although it was doing this before I
| removed the viruses. I have also noticed that PC-Cillin Internet Security
| firewall prompts me with suspicious activity from components and services. I
| have tried to block the activity and this seems to prompt this error more
| frequently. If I allow the activity I don't get the error every time I boot.
| Looking at the settings in the firewall, there are no ports or IP addresses
| listed for the activity, but they are all outgoing.

When you get the shutdown message enter; shutdown -a


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
nass

vwoz said:
I have a system that occasionally gets this error message: services.exe
terminated unexpectedly status code 1073741819 and will shut down computer in
45 seconds. I've done some research and can only find data on this code for
Win2K or NT 4.0. Any ideas on what to look for would be appreciated. I have
cleaned several viruses from this system although it was doing this before I
removed the viruses. I have also noticed that PC-Cillin Internet Security
firewall prompts me with suspicious activity from components and services. I
have tried to block the activity and this seems to prompt this error more
frequently. If I allow the activity I don't get the error every time I boot.
Looking at the settings in the firewall, there are no ports or IP addresses
listed for the activity, but they are all outgoing.


Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Re-enable them later one-by-one and see the
culprit and update it or remove it).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx


Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (off-line scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Lots of tools to download and disinfect your machine (off-line scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

After the scan run disk clean-up on your drive.

It will help you to both identify and remove any hijackware/spyware. Post
your log to
http://www.merijn.org/index.php
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.

Open a Notepad, customize or minimize to the taskbar as you will need it
later for this step to copy the error message on it.
Open a run command and type in:
eventvwr.msc click [OK] you will get the Event viewer control Panel.
click on each of these:
Application
System
Security
Look in the right Pane/window for error message with red (X) or Yellow
exclamation mark /!\ , double click each one to get more info about the
cause.
On the Event error properties message you will see:
Up Arrow
Down arrow
Two pages
Click on the two pages to copy the error message then bring up the Notepad
you opened earlier and right click on the first line and select Paste from
the list, this will paste the error message on a Notepad.
Please don't duplicate the error message one of each kind will be sufficient.
HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Please we need just the error messages with Red (X) and don't repeat the
error, just one of each kind and post them back in your next post.

Let us know your progress.
nass
 
vwoz

I tried Multi AV and it nuked the system. I watched desktop icons disappear,
I watched the start bar go away, and the folders accessed thru programs all
show empty (although they are not as displayed thru the root). I'm going to
start from scratch.

 
David H. Lipman

From: "vwoz" <[email protected]>

| I tried Multi AV and it nuked the system. I watched desktop icons disappear,
| I watched the start bar go away, and the folders accessed thru programs all
| show empty (although they are not as displayed thru the root). I'm going to
| start from scratch.
|

That is UNUSUAL to say the least unless the legitimate SERVICES.EXE was Trojanized
(patched).

The other possibility is EXPLORER.EXE process was killed.

If you hit; Ctrl+Alt+Del and choose; Task Manager
Then choose; File --> New Task (Run)
and execute; explorer.exe

Should restore the DeskTop.
 
vwoz

I tried several things to get back to the original desktop...no go. I had
numerous shortcuts that went away (Windows Update was just one) and the
favorites folder under all users was wiped. I stored files in my documents
before I started, so I have the user's files still. With the issues this
system had, it would have been better (and easier) to do a clean install in
the first place, but I tried to crush all of the bugs on the system. This was
the last little pain in the butt, but it looks like there had been a lot of
damage done already. The hosts file was infected, there were services that
were trying to run, and ranges of IP addresses I wound up blocking due to
trojan/spyware activity. Now I will know the system is clean!!!! :)
 
David H. Lipman

From: "vwoz" <[email protected]>

| I tried several things to get back to the original desktop...no go. I had
| numerous shortcuts that went away (Windows Update was just one) and the
| favorites folder under all users was wiped. I stored files in my documents
| before I started, so I have the user's files still. With the issues this
| system had, it would have been better (and easier) to do a clean install in
| the first place, but I tried to crush all of the bugs on the system. This was
| the last little pain in the butt, but it looks like there had been a lot of
| damage done already. The hosts file was infected, there were services that
| were trying to run, and ranges of IP addresses I wound up blocking due to
| trojan/spyware activity. Now I will know the system is clean!!!! :)
|

I agree. Wipe and re-install.
 
