Check for the W32.Sasser.E.Worm on your system..
This threat can cause Windows to keep shutting down and restarting. Keep reading it may be your
problem........
W32.Sasser.E.Worm
http://www.sarc.com/avcenter/venc/data/w32.sasser.e.worm.html
W32.Sasser.E.Worm is a minor variant of W32.Sasser.Worm. It attempts to exploit the LSASS vulnerability
described in Microsoft Security Bulletin MS04-011 and spreads by scanning randomly selected IP addresses for
vulnerable systems. W32.Sasser.E.Worm differs from W32.Sasser.Worm as follows:
* Uses a different mutex: SkynetNotice.
* Uses a different file name: lsasss.exe.
* Creates a different value in the registry: "lsasss.exe".
* Uses different port numbers, used by FTP server and the remote shell: 1023 and 1022.
* After 2 hours of running it displays a message.
* It deletes the values from the registry, which are known to be
installed by Trojan.Mitglieder, W32.Beagle.W@mm, and
W32.Beagle.X@mm.
* The name of the file retrieved from the FTP server is followed by _update.exe.
* The worm logs data into the file C:\ftplog.txt.
W32.Sasser.E.Worm can run on (but not infect) Windows 95/98/Me computers. Although these operating systems
cannot be infected, they can still be used to infect vulnerable systems that they are able to connect to.
[...]
What to do if the computer shuts down before you can patch:
This threat can cause Windows to keep shutting down and restarting.
This can prevent you from installing the Microsoft patch. To
prevent the shut down, do the following. (You may have to try this several times, as you only have about 20
seconds to do steps 3 to 6.) (This will not work on Windows 2000.)
1. Disconnect the computer from the network/Internet connection.
(Disconnect the cable if necessary.)
2. Restart the computer.
3. As soon as Windows opens and you see the Windows desktop, click
Start > Run.
4. Type:
cmd
and press Enter.
5. Type:
shutdown -i
and press Enter.
6. In the Remote Shutdown Dialog that opens, change 20 seconds to:
9999
and click OK.
This gives you about three hours to get the patch installed, update the definitions, and so on.
7. Reconnect the network/Internet connection.
8. Connect to the Internet, and get the patch. Then continue with
the steps described below.
When you have patched for and removed the threat, you can re-enable the 20 second default warning if you want
to.
[...]
http://www.sarc.com/avcenter/venc/data/w32.sasser.e.worm.html
MikeDChristyD said:
I'm running Windows XP on a P4- 2.8 GHz. Last Monday, I found my computer had shutoff and did not turn back
on. After having to replace the Motherboard and Processor, I was able to get the system to boot up. The
system gets through the boot up to the point where it asks if I want to enter safe mode. If I select
anything, or the computer selects safe mode, the computer automatically reboots. I can use Linux STD or
another system to see everything on my hard drive, but I can get the OS to finish booting. I know through
troubleshooting, it is not the Hardware. Is there anything that I can do? I have located and removed a
"Reboot" exe that was in the All Users Startup menu, but it still occurs.
