System shuts down

  • Thread starter Thread starter Tom
  • Start date Start date
T

Tom

On a XP box I support. I just installed MSN 8 and now when
it is online a message comes up saying there is a problem
and the NT authority\system is going to shut the computer
down. Has any one seen this before?

Thanks
 
It sounds like the Blaster worm. Search Microsoft.com for instructions on
updating your system and removing the worm.
 
Tom said:
On a XP box I support. I just installed MSN 8 and now when
it is online a message comes up saying there is a problem
and the NT authority\system is going to shut the computer
down. Has any one seen this before?
Click to expand...

Likely has nothing to do with the MSN 8 install. More likely the
"blaster" worm.

Search this group for "rpc" or "remote"...or http://google.com for "blaster".
 
You have the MSBlaster worm. To remove it, do the
following:

The following instructions are in three parts
1. Stop it from running
2. Remove it from your system
3. Make sure it doesn't come back

Before beginning, if you have an always-on internet
connection,
it's a good idea to disconnect it.

1. Stop it from running
Press Ctrl-Alt-Delete to bring up the Task Manager, then
on the
Processes tab, click msblast.exe and then "End process."
Reply
"Yes" to the warning message that comes up.

This stops the worm from running, so your system will not
shut
down. However, it doesn't remove it, and if that's all you
do, it
will start up again the next time you boot.
***
2. Remove it from your system

a. Download a removal tool from a link below.

But if that's all you do, you can get reinfected just as
you did the first time.
***
3. Make sure it doesn't come back

a. MAKE sure you're running a Firewall that prevents worms
like
this from getting in. You can enable the built-in Windows
XP
firewall, or(preferred) download and install another one
such as the free version of ZoneAlarm. To enable the built-
in firewall, go to
Control Panel, double-click Networking and Internet
Connections,
then click Network Connections. Right-click your
connection, then
click Properties, and on the Advanced tab, click the option
"Protect my computer and network...". Note: the built in
firewall only monitors incoming traffic not outgoing(ie
spyware, trojans, etc.. you may have on your system).

b. If you've disconnected your internet connection,
reconnect it.
Download and install the Microsoft patch at
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-
458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
That will remove the vulnerability that the worm exploits.

c. MAKE sure you are running an Anti-Virus program, and
that you
regularly download the latest updated virus definitions.

-----------------------------------------------------------
-----------------------------------------------------------
------------------------
If you connected the PC to the Internet without
having first
installed the KB824146 Hotfix, without having first
installed an
antivirus application with current virus definition
files, and before
enabling a firewall, you're very likely to get infected
from any of
the thousands of PCs on the Internet that are constantly
broadcasting
the Blaster and/or Welchia worms. It only takes a few
seconds of
exposure.

To stay on-line long enough to get the necessary
updates, patches,
and removal tools, click Start > Run, and enter "shutdown -
a" when the
next RPC countdown begins. This will abort the shut
down. Also, make
sure you've enabled a firewall before starting, to
preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32
..welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm
..removal.tool.html
-----Original Message-----
Tom said:


Likely has nothing to do with the MSN 8 install. More likely the
"blaster" worm.

Search this group for "rpc" or "remote"...or
Click to expand...
http://google.com for "blaster".
 
I also am getting this message. Has anyone replied with
and answer? If so could you let me know? thanks
Mike Z
 
-----Original Message-----
On a XP box I support. I just installed MSN 8 and now when
it is online a message comes up saying there is a problem
and the NT authority\system is going to shut the computer
down. Has any one seen this before?

Thanks
.
No I haven't seen this before! It's a new one on me.
Click to expand...
 
You have the Blaster virus.....
First, stop the bug from running by hitting CTRL-ALT-DELETE and
bringing up the task manager. Look for msblast.exe in the list, and
kill it. Now your computer won't shut down, but the bug is still there
and will run the next time you start your machine. Go to this URL to
find out how to get rid of it:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

See www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.kellys-korner-xp.com/xp_qr.htm
for a quick removal tool for the
MSBlast worm and a link to the Microsoft patch to prevent future infection.
Then update your antivirus software and scan your system.
Also remember to remove it from your System Volume Information folder....
Turn System Restore off and then reboot and turn it back on. Create a new
restore point
manually.
 
In (e-mail address removed)
You have the MSBlaster worm. To remove it, do the
following:

The following instructions are in three parts
1. Stop it from running
2. Remove it from your system
3. Make sure it doesn't come back
Click to expand...


Please stop quoting my messages verbatim, without even an
acknowledgement.
 
My wife's computer will reboot occasionally; but only when it is left
unattended. No blaster-like behavior. Any ideas?
 
Not overheating. If she works at the computer, it will stay on for an
entire day. But if we turn it on and then leave the house, for example,
it might sometimes reboot during our absence. This is not a power
issue, though, because that would shut it down rather than reboot it.
Also, I know it isn't a crash because it doesn't go through the
checking-the-disk-for-errors routine when it does reboot.
 
Not overheating. If she works at the computer, it will stay on for an
entire day. But if we turn it on and then leave the house, for example,
it might sometimes reboot during our absence. This is not a power
issue, though, because that would shut it down rather than reboot it.
Also, I know it isn't a crash because it doesn't go through the
checking-the-disk-for-errors routine when it does reboot.
 
Hi Michael,

Suggestions and Checkpoints:

With some ADSL/Cable modems (especially USB) you may have a problem with
getting disconnected after a few hours, here are two ways to fix that.
Disable Hibernation and Disable Windows Messenger.

And/or:

Right click My Computer Icon/Properties/Hardware/Device Manager. Expand USB
Controllers/Double Click USB Root Hub. Select Power Management and uncheck,
Allow the computer to turn off the device to save power.

More info:

By default when WinXP encounters a system failure, it reboots without
warning. The setting that controls this can be changed:

Control Panel/System/Advanced/Settings (Startup & Recovery)/System
Failure/Uncheck-Automatically Restart.

You can use Event Viewer to view and manage the event logs, gather
information about hardware and software problems, and monitor Windows
security events.

To view the event log: Administrative Tools/Event Viewer or
Start/Run/eventvwr.

To review Shutdown Event Tracker data, Open Event Viewer. Click System Log,
scroll to the Event column, and find entries with the number 1075.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q308427

And also:

Go to Start/Run/Msinfo32/Hardware Resources, Components/Problem Devices and
Software Environment/Windows Error Reporting.

Go to Help and Support/Pick a Task (left side)/Use Tools to view.../(left
pane)My Computer Information/(right pane)View the status of my system
hardware and software/Hardware/Update and Troubleshooters.

How to Troubleshoot Hardware and Software Driver Problems
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322205

Try running the DirectX Tool: Start/Run/Dxdiag, Lower Hardware Acceleration
(Display/Settings/Advanced/Troubleshoot/Hardware Acceleration).
 
This sounds like the best idea for us.
====================================
By default when WinXP encounters a system failure, it reboots without
warning. The setting that controls this can be changed:

Control Panel/System/Advanced/Settings (Startup & Recovery)/System
Failure/Uncheck-Automatically Restart.

You can use Event Viewer to view and manage the event logs, gather
information about hardware and software problems, and monitor Windows
security events.
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

XP wont shut down 8
Status Code 1073741819 when shutting down computer 5
computer won't stay on 4
What difference between "Shut Down" and "Turn Off"? 8
Computer will not shut down after installing Security Update KB2393802 9
Windows shuts down 1
Shut Down Issues 2
Can't shut computer off 68

Back
Top