'System is shutting down'

  • Thread starter Thread starter JR
  • Start date Start date
J

JR

I am running Windows 2000 at home and recently started to
get hit with the following error message when I am
connected to the internet. "This system is shtting down.
Please save all work in progress and log off. Any unsaved
changes will be lost. The shutdown was initiated by NT
AUTHORITY\\SYSTEM". Sometimes I am conected to the
internet for only a minute or so before this message
appears, othertimes, I can be connected for as long as 15
minutes before it appears. Ultimately it always appears,
and it does in fact shut down my computer.

Does anyone have any insight into what the problem is and
how I might fix it? Thanks.
 
You either have the blaster or the sasser worm. There are several removal
tools available form any of the AV companies. You also need to update this
machine at windows update to stop this from happening. Most importantly you
NEED a firewall!!!
 
And maybe take notice of numerous news reports

Scott Harding - MS MVP said:
You either have the blaster or the sasser worm. There are several removal
tools available form any of the AV companies. You also need to update this
machine at windows update to stop this from happening. Most importantly you
NEED a firewall!!!
Click to expand...
 
Yeah...it's unbelievable that people don't see these reports. Even my
Grandma knew when these came out and she's 86 years old! ;)
 
It is caused by virus, may be sasser. Microsoft has a way
to fix, just search the word "sasser" and find more.
 
Greetings--

As you haven't provided any specific details or error messages,
the following is the result of having to guess what your problem might
be. There are at least two possibilities:

1) If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


2) You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/

Bruce Chambers
 
Back
Top