Win XP "System Shutdown by NT Authority\System"

Discussion in 'Computer Support' started by Ted, Sep 5, 2003.

  1. Ted

    Ted Guest

    Sis-in-law's machine keeps getting this message box with the big red X.....


    "This shutdown initiated by NT AUTHORITY\SYSTEM
    this system is shutting down, please save all work in progress and logoff
    Windows must now restart because the remote procedure call (RPC) service
    terminated unexpectedly"

    ...this is accompanied by a 60 second timer - then the machine reboots

    - happens consistently within 5 minutes of startup - and every time.

    Machine is Athlon 1200
    Win XP Pro
    256 mb

    - it's a clean install on Win XP (onto a FAT32 partition) which was only
    done
    2 days ago - prior to that it was running Win Me - reason for the XP
    installation was
    she said the machine "kept crashing"...

    I suspect a hardware fault - any and all advice gratefully accepted

    thanks

    Ed
     
    Ted, Sep 5, 2003
    #1
    1. Advertisements

  2. Ted

    Marc Townson Guest

    SOZ MATE u HAVE Ms Blaster
     
    Marc Townson, Sep 5, 2003
    #2
    1. Advertisements

  3. Ted

    °Mike° Guest

    Have you and your sister-in-law been asleep for the past few weeks?
    You seriously haven't heard of the Blaster worm?


    Boot into Safe Mode and start your registry editor:
    Start / Run / regedit

    Navigate to:
    HKEY_LOCAL_MACHINE
    +Software
    +Microsoft
    +Windows
    +CurrentVersion
    +Run

    In the right-hand pane, look for any entry/ies that include
    MSBLAST.EXE, PENIS32.EXE or TEEKIDS.EXE and
    DELETE it/them.
    These are the files associated with the different variants:
    Variant A - msblast.exe
    Variant B - penis32.exe
    Variant C - teekids.exe

    You just disabled the worm from running at startup, so boot into
    normal mode again, and turn off ALL system restores to purge
    your system.

    Open Windows Explorer to the ..\Windows\System32\ or
    ...\WinNT\System32\ folder and DELETE *any* of the
    files named above.

    Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
    and find the reference to the above file/s (any reference will
    be similar to: <filename.exe>-<alphanumerics>.PF), for example,
    msblast.exe-0235D8H6.pf, and DELETE it/them.

    Now you can download and install the patch, configure your
    firewall and update your virus scanner.

    Virus Alert About the Blaster Worm and Its Variants
    http://support.microsoft.com/search/preview.aspx?id=kb;en-us;826955

    Microsoft Security Bulletin MS03-026
    http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

    What you should know about the Blaster worm
    http://www.microsoft.com/security/incident/blast.asp

    Windows RPC DCOM Buffer Overflow Remote Exploit (MS03-026)
    http://www.k-otik.com/exploits/07.25.winrpcdcom.c.php

    How to Use The KB 823980 Scanning Tool to Identify Host Computers
    That Do Not Have The 823980 Security Patch (MS03-026) Installed
    http://support.microsoft.com/search/preview.aspx?id=kb;en-us;826369

    W32.Blaster.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    W32.Blaster.B.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html

    W32.Blaster.C.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html

    W32.Blaster.Worm Removal Tool
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
     
    °Mike°, Sep 5, 2003
    #3
  4. Ted

    EricP Guest

    Where have you been the last few weeks?

    Get the machine online and update the AV and then run it.

    Or look up the lists here and see for a direct link to remove this
    virus.
     
    EricP, Sep 5, 2003
    #4
  5. Ted

    Hamman Guest

    <snip irrelevant stuff>

    Seriously tho, am i the only person tho didnt get the damn virus? I feel so
    left out :-(
     
    Hamman, Sep 5, 2003
    #5
  6. No, I didn't get it either. Of course, I'm running Linux....
     
    Gary G. Taylor, Sep 5, 2003
    #6
  7. Ted

    riz Guest

    and i didn't get it either...of course i'm still running win 95

    Gary G. Taylor wrote in message
    No, I didn't get it either. Of course, I'm running Linux....
    --
     
    riz, Sep 5, 2003
    #7
  8. Ted

    Ted Guest

    Thanks guys - a virus was the last thing I suspected...I reformatted the HD
    2 days ago - it survived that ?

    Ed
     
    Ted, Sep 5, 2003
    #8
  9. This is the Flibbydabby Dee service of the BBC, & on Fri, 5 Sep 2003 21:21:01
    +0100, Hamman uttered this:
    Nope. I didn't get it, though I'm running linux.
     
    William Poaster, Sep 5, 2003
    #9
  10. Ted

    Kraftee Guest

    No it got re infected, yes it happens that quickly....
     
    Kraftee, Sep 5, 2003
    #10
  11. Ted

    Kraftee Guest

    Nope you are not alone none of mine was touched (3 machines on XP, yes
    I'm a masochist)...
     
    Kraftee, Sep 5, 2003
    #11
  12. Ted

    BIG NIGE Guest

    I DIDNT GET IT EITHER but i running win 98se
     
    BIG NIGE, Sep 5, 2003
    #12
  13. Ted

    °Mike° Guest

    You haven't installed the patch?


     
    °Mike°, Sep 5, 2003
    #13
  14. Ted

    Ted Guest

    Not yet - you have to understand I only found about this tonight - doing it
    tomorrow - honest !

    - thing is - MY machine is firewalled and av'd up to the limit - so maybe I
    was insulated - but sis-in-law
    went on the net naked - if you see what I mean....she won't do it again !

    big thanks to all you top peeps !

    Ed
     
    Ted, Sep 6, 2003
    #14
  15. Ted

    Mike0000 Guest

    Yes! Patch the system. Download the MSBlaster patch to a CD (or on a floppy
    if it fits). Run it, and then connect the computer to the internet.

    Or just run the blaster cleaning tool if you dont want to do a reinstall.
     
    Mike0000, Sep 6, 2003
    #15
  16. Ted

    jmnugent Guest

    Yeah...me neither .....I'm running WFWG....(kidding)....
    --jmnugent
     
    jmnugent, Sep 6, 2003
    #16
  17. Ted

    jeroen Guest

    <snip>
    Which rock have you been hiding under?

    You know, I can't even feel sorry for someone who's that stupid!
     
    jeroen, Sep 6, 2003
    #17
  18. Ted

    Ted Guest

    Please don't flame me - I haven't been hiding under any rock !!

    if you can't contribute anything positive to my post then please don't
    bother at all

    thanks for your understanding
     
    Ted, Sep 6, 2003
    #18
  19. Ted

    xman Charlie Guest

    This site address some of this:

    http://www.blkviper.com/index.html

    my 2 cents

     
    xman Charlie, Sep 7, 2003
    #19
  20. Ted

    Badger Guest

    Some people are soooo intolerant!
    This behaviour is a symptom of the Blast Worm. If you go to microsoft.com
    you will find a fix for it.
    Badger
     
    Badger, Sep 9, 2003
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.