Shut down in 60 secs...... HELP! Pls

  • Thread starter Thread starter lorne
  • Start date Start date
L

lorne

Greetings all,

I seem to have contracted the evil shut down in 60 sec. virus. I
reformatted my hard drive installed win xp pro and as soon as i plugged in
my internet to get my updates, i got the dreaded shutting down in 60 sec
warning. I unplugged my internet, ran stinger (found and corrected 2
infections). Restarted the computer, ran AVG (didn't find anything), ran
stinger again (didnt find anything), plugged in the internet to do the
updates.... bang... 60 sec warning!! disconnected the internet, tried to
run avg (won't run) went into safe mode, ran stinger (didnt find anything).
checked the registry (run, run once, run service etc). everything looked
good. rebooted, plugged in the internet and bang.... 60 second warning.

What should i do now??

thank you all for suggestions.
 
lorne said:
Greetings all,

I seem to have contracted the evil shut down in 60 sec. virus. I
reformatted my hard drive installed win xp pro and as soon as i plugged in
my internet to get my updates, i got the dreaded shutting down in 60 sec
warning. I unplugged my internet, ran stinger (found and corrected 2
infections). Restarted the computer, ran AVG (didn't find anything), ran
stinger again (didnt find anything), plugged in the internet to do the
updates.... bang... 60 sec warning!! disconnected the internet, tried to
run avg (won't run) went into safe mode, ran stinger (didnt find anything).
checked the registry (run, run once, run service etc). everything looked
good. rebooted, plugged in the internet and bang.... 60 second warning.

What should i do now??

thank you all for suggestions.

As long as you keep connecting to the internet without enabling the XP
firewall this will keep happing!


Sometimes,when you remove malware it will stop your TCP/IP
stack from working (Internet connection).
Winsock or LSP-fix will correct the problem,Download first.
Note to anyone using NOD32 Anti-Virus software,Do Not delete the
"imon.dll" this fix reports,That is your e/mail scanning engine.

YES-You need more than 1 malware program,I use all of these.
LSP-fix- http://www.cexx.org/lspfix.htm
Spybot S&D - http://www.safer-networking.org/en/index.html
CWS Smart Killer- http://www.safer-networking.org/minifiles.html

About Buster- http://www.spychecker.com/program/aboutbuster.html
Ad-Aware SE - http://www.lavasoftusa.com/software/adaware/
CWShredder - http://www.majorgeeks.com/download4086.html
Hijack this - http://www.majorgeeks.com/download3155.html\
Hijacjthis tutorial -http://forums.maddoktor2.com/index.php?showtopic=165
SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard - http://www.javacoolsoftware.com/spywareguard.html
WinPatrol - http://winpatrol.com
BHODemon - http://pcworld.com/downloads/file_download.asp?fid=23611&fileidx=1
Bazooka -http://www.kephyr.com/spywarescanner/index.html
asquared2 "Trojan Remover" - http://www.emsisoft.com/en/
Socklock- http://nsclean.com/socklock.html

NOD32Anti-Virus Free 30 day trial
http://nod32.com/download/trial.htm

A link for free online virus and trojan scanners.
http://virusall.com/downscan.html

A listing of BHO's
http://www.spywaredata.com/bho.php?current_page=0

To see if that freeware program you are about to inststall
is infested with spyware check it out first at this link.
http://www.spychecker.com/


To help stop unauthorized downloads via your activex controls change your
default settings.
These settings are good for XP. The wording should be close for other systems
as well.
Go to control panel and open "internet options.
Click on the security tab then custom level.
make sure these settings are as follows.

Download signed active x controls>set to prompt
Download unsigned active x controls>set to disable
Initialize and script active x controls not marked as safe>set to disable
Run active x controls and pluggins>set to enable
Script active x controls marked safe for scripting>set to enable
Java permissions>set to high
Launching programs and files in a IFRAME" > Prompt
Installation of Desktop items"> Prompt
Navigate sub-frames across different domains>prompt

Free Firewalls
ZoneAlarm (Free and up)
http://snipurl.com/6ohg

Kerio Personal Firewall (KPF) (Free and up)
http://www.kerio.com/kpf_download.html

Outpost Firewall from Agnitum (Free and up)
http://www.agnitum.com/download/

Sygate Personal Firewall (Free and up)
http://smb.sygate.com/buy/download_buy.htm

NTbackup link
http://www.onecomputerguy.com/software/ntbackup.msi
Erunt- http://home.t-online.de/home/lars.hederer/erunt/index.htm
 
I was given a gateway 610 WinXP Media Center PC to clean last week. It had a few Trojans
and Adaware indentified some 2800 objects from files, registry entries to cookies to be
removed.

The interesting thing was that when I ran Adaware on the PC, it caused a RPC ShutDown in 60
secs. type of message. Different from the Blaster/Lovsan message. I have to assume that
one of the parasites or infectors on the platform had a "self preservation" protection
scheme. That is it detected Adaware running and it generated a system ShutDown to protect
itself from being removed.

Executing "shutdown -a" resolved that problem and multiple passes of Adaware in Safe Mode
and a pass of the McAfee Command Line Scanner in Safe Mode completely cleaned the PC.

Dave




|
|
| "lorne" wrote:
|
| > Greetings all,
| >
| > I seem to have contracted the evil shut down in 60 sec. virus. I
| > reformatted my hard drive installed win xp pro and as soon as i plugged in
| > my internet to get my updates, i got the dreaded shutting down in 60 sec
| > warning. I unplugged my internet, ran stinger (found and corrected 2
| > infections). Restarted the computer, ran AVG (didn't find anything), ran
| > stinger again (didnt find anything), plugged in the internet to do the
| > updates.... bang... 60 sec warning!! disconnected the internet, tried to
| > run avg (won't run) went into safe mode, ran stinger (didnt find anything).
| > checked the registry (run, run once, run service etc). everything looked
| > good. rebooted, plugged in the internet and bang.... 60 second warning.
| >
| > What should i do now??
| >
| > thank you all for suggestions.
| >
| >
| >
| >
| >
|
| As long as you keep connecting to the internet without enabling the XP
| firewall this will keep happing!
|
|
| Sometimes,when you remove malware it will stop your TCP/IP
| stack from working (Internet connection).
| Winsock or LSP-fix will correct the problem,Download first.
| Note to anyone using NOD32 Anti-Virus software,Do Not delete the
| "imon.dll" this fix reports,That is your e/mail scanning engine.
|
| YES-You need more than 1 malware program,I use all of these.
| LSP-fix- http://www.cexx.org/lspfix.htm
| Spybot S&D - http://www.safer-networking.org/en/index.html
| CWS Smart Killer- http://www.safer-networking.org/minifiles.html
|
| About Buster- http://www.spychecker.com/program/aboutbuster.html
| Ad-Aware SE - http://www.lavasoftusa.com/software/adaware/
| CWShredder - http://www.majorgeeks.com/download4086.html
| Hijack this - http://www.majorgeeks.com/download3155.html\
| Hijacjthis tutorial -http://forums.maddoktor2.com/index.php?showtopic=165
| SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
| SpywareGuard - http://www.javacoolsoftware.com/spywareguard.html
| WinPatrol - http://winpatrol.com
| BHODemon - http://pcworld.com/downloads/file_download.asp?fid=23611&fileidx=1
| Bazooka -http://www.kephyr.com/spywarescanner/index.html
| asquared2 "Trojan Remover" - http://www.emsisoft.com/en/
| Socklock- http://nsclean.com/socklock.html
|
| NOD32Anti-Virus Free 30 day trial
| http://nod32.com/download/trial.htm
|
| A link for free online virus and trojan scanners.
| http://virusall.com/downscan.html
|
| A listing of BHO's
| http://www.spywaredata.com/bho.php?current_page=0
|
| To see if that freeware program you are about to inststall
| is infested with spyware check it out first at this link.
| http://www.spychecker.com/
|
|
| To help stop unauthorized downloads via your activex controls change your
| default settings.
| These settings are good for XP. The wording should be close for other systems
| as well.
| Go to control panel and open "internet options.
| Click on the security tab then custom level.
| make sure these settings are as follows.
|
| Download signed active x controls>set to prompt
| Download unsigned active x controls>set to disable
| Initialize and script active x controls not marked as safe>set to disable
| Run active x controls and pluggins>set to enable
| Script active x controls marked safe for scripting>set to enable
| Java permissions>set to high
| Launching programs and files in a IFRAME" > Prompt
| Installation of Desktop items"> Prompt
| Navigate sub-frames across different domains>prompt
|
| Free Firewalls
| ZoneAlarm (Free and up)
| http://snipurl.com/6ohg
|
| Kerio Personal Firewall (KPF) (Free and up)
| http://www.kerio.com/kpf_download.html
|
| Outpost Firewall from Agnitum (Free and up)
| http://www.agnitum.com/download/
|
| Sygate Personal Firewall (Free and up)
| http://smb.sygate.com/buy/download_buy.htm
|
| NTbackup link
| http://www.onecomputerguy.com/software/ntbackup.msi
| Erunt- http://home.t-online.de/home/lars.hederer/erunt/index.htm
 
Hi Dave,

Had the exact thing happen here Friday in my shop, running Ad-Aware SE (with
over 1900 infected files). Thought it some odd. But all ended happily.

This was the first instance, and will pay better mind from here as to note.
The only oddity between this system and the rest that I have cleaned was the
Sex Babe XXX (something like that). Will call the client tomorrow as he
would well remember the name. As it plagued him and his marriage for over a
week. :o)

ll the Best,
Kelly

Microsoft-MVP Windows® XP-Shell/User
2004 Windows MVP "Winny" Award

Troubleshooting Windows XP
http://www.kellys-korner-xp.com
 
lorne said:
Greetings all,

I seem to have contracted the evil shut down in 60 sec. virus. I
reformatted my hard drive installed win xp pro and as soon as i
plugged in my internet to get my updates, i got the dreaded shutting
down in 60 sec warning. I unplugged my internet, ran stinger (found
and corrected 2 infections). Restarted the computer, ran AVG
(didn't
find anything), ran stinger again (didnt find anything), plugged in
the internet to do the updates.... bang... 60 sec warning!!
disconnected the internet, tried to run avg (won't run) went into
safe mode, ran stinger (didnt find anything). checked the registry
(run, run once, run service etc). everything looked good.
rebooted,
plugged in the internet and bang.... 60 second warning.

What should i do now??

thank you all for suggestions.


Knowing that you're likely to get re-infected as soon as you
connect to the Internet, is there any particular reason you still
refuse to use a firewall?

As you haven't provided any specific details or error messages,
the following is the result of having to guess what your problem might
be. There are at least two possibilities:

1) If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


2) You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having
both at once. - RAH
 
thank you Kelly
seems i did the blaster tool but not the sasser.... that got it... thank you
thank you.
 
hi - i found some posts re shutting down in 60 secs and wondered if anyone
can suggest anything to help me.... my pc running xp shuts down without
warning - sometimes it might have been turned on for only minutes, then
begins to shut itself down. Other times it can go hours and still NOT shut
down - there dosnt seem to be a pattern to it .... but its difficult to relax
knowing it might decide to shut down at any time.... any suggestions would be
VERY welcome. ta
 
Hi, Valerie.

There are many possible causes for abrupt shutdowns. Some of them are
hardware-related. These can range from simple overheating (dust inside
computer, or inadequate ventilation around it) to a defective power supply
to loose or defective cables to bad RAM...

Another possible cause is a virus. There were a LOT of people with this
problem a year or two ago when one of the bad guys was running rampant.
Your "gonna shut down in 60 seconds" sounds suspiciously like that. Since I
didn't have the problem myself, I'm not the best guy to ask about it, but
I'm sure many regulars here can tell you what symptoms to look for and which
fix to use to get rid of it - and keep it from coming back. This comes
under the heading of "practicing safe hex".

The other possibility is a problem in software, either the operating system
(WinXP), or drivers for your hardware, or a bug in some program that you are
running. One way to start diagnosing this kind of problem is to change
WinXP's default behavior. The default setting for "what to do on system
failure" is to Automatically restart. As most experienced computer users
know, simply rebooting solves many momentary glitches. But when it doesn't,
we are left with no clue as to what happened. Go to System Properties |
Advanced | Startup and Recovery / Settings and remove the check from the
Automatically restart line.

If your problem is cause by software, the next time it happens, your
computer should halt with a BSOD (Blue Screen of Death) full of cryptic
codes. These codes may be cryptic to you (and me) but they speak volumes to
those who know how to read them. You'll still have to reboot (by pressing
your computer's Reset button), but you'll have all the time you need to copy
down those codes so that you can paste them (verbatim) here. Then some guru
(not me!) can probably point you in the right direction.

RC
 
Valerie said:
hi - i found some posts re shutting down in 60 secs and wondered if
anyone can suggest anything to help me.... my pc running xp shuts down
without warning - sometimes it might have been turned on for only
minutes, then
begins to shut itself down. Other times it can go hours and still NOT
shut down - there dosnt seem to be a pattern to it .... but its
difficult to relax knowing it might decide to shut down at any
time.... any suggestions would be VERY welcome. ta

Random shutting down like that is usually caused by failing hardware
and/or overheating. Here are some general hardware troubleshooting
steps:

1) Open the computer and run it open, cleaning out all dust bunnies and
observing all fans (overheating will cause system freezing). Obviously
you can't do this with a laptop, but you can hear if the fan is running
and feel if the laptop is getting too hot.

2) Test the RAM - I like Memtest86+ from www.memtest.org. Obviously, you
have to get the program from a working machine. You will either
download the precompiled Windows binary to make a bootable floppy or
the .iso to make a bootable cd. If you want to use the latter, you'll
need to have third-party burning software on the machine where you
download the file - XP's built-in burning capability won't do the job.
In either case, boot with the media you made. The test will run
immediately. Let the test run for an extended period of time - unless
errors are seen immediately. If you get any errors, replace the RAM.

3) Test the hard drive with a diagnostic utility from the mftr. Usually
you will download the file and make a bootable floppy with it. Boot
with the media and do a thorough test. If the drive has physical
errors, replace it.

4) The power supply may be going bad or be inadequate for the devices
you have in the system. The adequacy issue doesn't really apply to a
laptop, although of course the power
supply can be faulty.

5) Test the motherboard with something like TuffTest from
www.tufftest.com. Sometimes this is useful, and sometimes it isn't.

Testing hardware failures often involves swapping out suspected parts
with known-good parts. If you can't do the testing yourself and/or are
uncomfortable opening your computer, take the machine to a good local
computer repair shop (not a CompUSA or Best Buy type of store).

Malke
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Back
Top