System Shutdown problem

L

Lynn

I keep getting a NT Authority System Shutdown box stating
that C:\Windows\System32\LSASS.EXE has terminated
unexpectedly with code l073741819. I have tried
reinstalling my Windows XP Home Edition, as well as
repairing it. I have scanned my pc for virus and have
found none. This error also seems to be crashing my
McAfee virus scanner.

Help I am stumped...

Lynn
 
M

Malke

Lynn said:
I keep getting a NT Authority System Shutdown box stating
that C:\Windows\System32\LSASS.EXE has terminated
unexpectedly with code l073741819. I have tried
reinstalling my Windows XP Home Edition, as well as
repairing it. I have scanned my pc for virus and have
found none. This error also seems to be crashing my
McAfee virus scanner.
Click to expand...

This error is caused by either the MSBlaster or Sasser virus. You may
have other viruses, also. This could happen if your McAfee is an old
version and you have not kept your subscription current. Here are
troubleshooting steps:

1) Take the infected machine off the Internet and any lan immediately.
2) From a different, clean machine download Stinger
(http://vil.nai.com/vil/stinger/) and run it in Safe Mode. Stinger is a
limited virus checker, but its advantage is that it is standalone and
doesn't need to be installed.
3) Hope that Stinger cleans up the machine enough to be able to
reinstall your av or install a new, current one. Update its definitions
and do a full scan.
4) Also from a different machine, download the patches for Sasser and
Blaster from Microsoft and apply them *after* you've cleaned off the
viruses. Here are links:
http://www.microsoft.com/security/incident/sasser.mspx
http://www.microsoft.com/security/incident/blast.mspx
5) Install a firewall.

DO NOT CONNECT YOUR MACHINE TO THE INTERNET UNTIL IT IS VIRUS-FREE AND
PATCHED AND YOU HAVE A FIREWALL INSTALLED. IF YOUR COMPUTER IS NOT
PATCHED AND BEHIND A FIREWALL, YOU CAN INFECTED ALMOST IMMEDIATELY
AFTER CONNECTING TO THE INTERNET.

6) Continue the cleaning process by removing any spyware with Spybot
Search & Destroy (http://www.safer-networking.org) and Ad-aware
(http://www.lavasoftusa.com). These programs are free, so run them both
since they complement each other. You may also want to run CWShredder
and HijackThis from http://aumha.org/freeware.htm. Although CWShredder
is no longer being updated, it will still clean older variants of the
CoolWebSearch malware. Be sure to update these programs before running
them. Always read the instructions before running a spyware removal
tool. It is best to run antivirus and spyware removal tools in Safe
Mode.
7) Go to Windows Update and apply all security patches for your
operating system. Do not install drivers from Windows Update.

Malke
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

System Shutdown when on line!!!! Help 4
Running WXP Pro, getting shutdown NT Authority/system message 4
nt authority system shutdown 4
Internet connection 3
system shutdown 3
Computer Shutdown 3
Microsoft .NET Framework update leads to virus-like symptoms? 1
Microsoft .NET Famework 2

Top