system 32

[Guest]

When I am on-line, my computer (windows xp, home edition) allows me 1 minute
to log off/ save programs while telling me the computer is shutting down. A
box appears and tells me that a status code 128 in the system 32 folder has
caused this shut down. it also tells me that the shut down was initiated by
NT AUTHORITY/SYSTEM, and a code of isass.exe'. It usually happens when I
sighn on to check my e-mail, but can happen any time while on line.

 

[Ricky]

See if this helps..
http://www.microsoft.com/security/incident/blast.mspx

 

[MAP]

When I am on-line, my computer (windows xp, home edition) allows me 1
minute to log off/ save programs while telling me the computer is
shutting down. A box appears and tells me that a status code 128 in
the system 32 folder has caused this shut down. it also tells me that
the shut down was initiated by NT AUTHORITY/SYSTEM, and a code of
isass.exe'. It usually happens when I sighn on to check my e-mail,
but can happen any time while on line.

 

[MAP]

When I am on-line, my computer (windows xp, home edition) allows me 1
minute to log off/ save programs while telling me the computer is
shutting down. A box appears and tells me that a status code 128 in
the system 32 folder has caused this shut down. it also tells me that
the shut down was initiated by NT AUTHORITY/SYSTEM, and a code of
isass.exe'. It usually happens when I sighn on to check my e-mail,
but can happen any time while on line.

You have a worm.

 

[Bruce Chambers]

When I am on-line, my computer (windows xp, home edition) allows me 1 minute
to log off/ save programs while telling me the computer is shutting down. A
box appears and tells me that a status code 128 in the system 32 folder has
caused this shut down. it also tells me that the shut down was initiated by
NT AUTHORITY/SYSTEM, and a code of isass.exe'. It usually happens when I
sighn on to check my e-mail, but can happen any time while on line.

As unlikely as it seems, it certainly sounds like you've contracted a
very old, widely-publicized (a couple years ago) worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their computers
promptly and who do not practice "safe hex." In other words, like
Blaster, this worm was developed and distributed _after_ a patch for the
vulnerability was announced and made publicly available. Further, and
also like Blaster, this worm could not affect any computer whose user
had taken the basic precaution of using a properly configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Is life so dear or peace so sweet as to be purchased at the price of
chains and slavery? .... I know not what course others may take, but as
for me, give me liberty, or give me death! -Patrick Henry