System Shutdown initiated by NT AUTHORITY\SYSTEM

C

Consuelo P. Salas

I experience frequent System Shutdown. The message
states that the Remote Procedure Call has terminated
unexpectedly.

This condition causes the NT AUTHORITY\SYSTEM to initiate
a System Shutdown.

What causes the problem and how can it be corrected ?

Thanks in advance for your help
 
G

Gary Tsang

Hi,

It appears your computer has been infected with the Blaster virus. For more
information and how to fix this please see follow this link:
http://www.microsoft.com/security/incident/blast.asp
http://www.microsoft.com/security/protect/main.asp

Microsoft Knowledge Base Article - 824146
A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs
http://support.microsoft.com/?kbid=824146

More information about this particular worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Removal Information can be found here
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
 
M

Malke

Consuelo said:
I experience frequent System Shutdown. The message
states that the Remote Procedure Call has terminated
unexpectedly.

This condition causes the NT AUTHORITY\SYSTEM to initiate
a System Shutdown.

What causes the problem and how can it be corrected ?

Thanks in advance for your help
Click to expand...

You have the blaster virus or one of its variants. Take the infected pc
off the Internet and any other lans. Here is a writeup with
instructions from Symantec.

http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html

After you get the machine cleaned up, please patch your operating system
and get a current antivirus installed.

Malke
 
M

Melissa

Consuelo said:
I experience frequent System Shutdown. The message
states that the Remote Procedure Call has terminated
unexpectedly.

This condition causes the NT AUTHORITY\SYSTEM to initiate
a System Shutdown.

What causes the problem and how can it be corrected ?

Thanks in advance for your help
Click to expand...

After you fix the Blaster worm problem you must download and install ALL
MS Critical Updates and Service Packs.

Then, to keep your computer safe, you need the following:

A good Anti-Virus program

A good firewall like Zone Alarm or the built in XP firewall
ZoneAlarm is available free at:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Ad-Aware 6.0 - for removing spyware
http://www.lavasoftusa.com/

Spybot Search & Destroy - for removing spyware
http://www.safer-networking.org/

CWShredder - gets rid of page hijackers
http://www.majorgeeks.com/download4086.html

Google Toolbar - for blocking popups

http://toolbar.google.com/

Before running these, do the following:

Delete temporary internet files and internet history.
 
B

Bruce Chambers

Greetings --

If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB824146 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

System Shutdown initiated by NT AUTHORITY\SYSTEM 3
System Shutdown initiated by NTAUTHORIYT\SYSTEM 2
Remote Procedure Call (RPC) service is terminated Unexpectedly 8
NT Authority\System hangs my machine 7
NT AUTHORITY\SYSTEM error 5
nt authority system shutdown 4
Remote Procedure Call Service (RPC) Terminated Unexpectedly 4
RPC / NT Authority 6

Top