Win XP "System Shutdown by NT Authority\System"

Discussion in 'Computer Support' started by Ted, Sep 5, 2003.

  1. Ted

    Ted Guest

    Sis-in-law's machine keeps getting this message box with the big red X.....

    "This shutdown initiated by NT AUTHORITY\SYSTEM
    this system is shutting down, please save all work in progress and logoff
    Windows must now restart because the remote procedure call (RPC) service
    terminated unexpectedly"

    ...this is accompanied by a 60 second timer - then the machine reboots

    - happens consistently within 5 minutes of startup - and every time.

    Machine is Athlon 1200
    Win XP Pro
    256 mb

    - it's a clean install on Win XP (onto a FAT32 partition) which was only
    2 days ago - prior to that it was running Win Me - reason for the XP
    installation was
    she said the machine "kept crashing"...

    I suspect a hardware fault - any and all advice gratefully accepted


    Ted, Sep 5, 2003
    1. Advertisements

  2. Ted

    Marc Townson Guest

    SOZ MATE u HAVE Ms Blaster
    Marc Townson, Sep 5, 2003
    1. Advertisements

  3. Ted

    °Mike° Guest

    Have you and your sister-in-law been asleep for the past few weeks?
    You seriously haven't heard of the Blaster worm?

    Boot into Safe Mode and start your registry editor:
    Start / Run / regedit

    Navigate to:

    In the right-hand pane, look for any entry/ies that include
    DELETE it/them.
    These are the files associated with the different variants:
    Variant A - msblast.exe
    Variant B - penis32.exe
    Variant C - teekids.exe

    You just disabled the worm from running at startup, so boot into
    normal mode again, and turn off ALL system restores to purge
    your system.

    Open Windows Explorer to the ..\Windows\System32\ or
    ...\WinNT\System32\ folder and DELETE *any* of the
    files named above.

    Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
    and find the reference to the above file/s (any reference will
    be similar to: <filename.exe>-<alphanumerics>.PF), for example,, and DELETE it/them.

    Now you can download and install the patch, configure your
    firewall and update your virus scanner.

    Virus Alert About the Blaster Worm and Its Variants;en-us;826955

    Microsoft Security Bulletin MS03-026

    What you should know about the Blaster worm

    Windows RPC DCOM Buffer Overflow Remote Exploit (MS03-026)

    How to Use The KB 823980 Scanning Tool to Identify Host Computers
    That Do Not Have The 823980 Security Patch (MS03-026) Installed;en-us;826369




    W32.Blaster.Worm Removal Tool
    °Mike°, Sep 5, 2003
  4. Ted

    EricP Guest

    Where have you been the last few weeks?

    Get the machine online and update the AV and then run it.

    Or look up the lists here and see for a direct link to remove this
    EricP, Sep 5, 2003
  5. Ted

    Hamman Guest

    <snip irrelevant stuff>

    Seriously tho, am i the only person tho didnt get the damn virus? I feel so
    left out :-(
    Hamman, Sep 5, 2003
  6. No, I didn't get it either. Of course, I'm running Linux....
    Gary G. Taylor, Sep 5, 2003
  7. Ted

    riz Guest

    and i didn't get it either...of course i'm still running win 95

    Gary G. Taylor wrote in message
    No, I didn't get it either. Of course, I'm running Linux....
    riz, Sep 5, 2003
  8. Ted

    Ted Guest

    Thanks guys - a virus was the last thing I suspected...I reformatted the HD
    2 days ago - it survived that ?

    Ted, Sep 5, 2003
  9. This is the Flibbydabby Dee service of the BBC, & on Fri, 5 Sep 2003 21:21:01
    +0100, Hamman uttered this:
    Nope. I didn't get it, though I'm running linux.
    William Poaster, Sep 5, 2003
  10. Ted

    Kraftee Guest

    No it got re infected, yes it happens that quickly....
    Kraftee, Sep 5, 2003
  11. Ted

    Kraftee Guest

    Nope you are not alone none of mine was touched (3 machines on XP, yes
    I'm a masochist)...
    Kraftee, Sep 5, 2003
  12. Ted

    BIG NIGE Guest

    I DIDNT GET IT EITHER but i running win 98se
    BIG NIGE, Sep 5, 2003
  13. Ted

    °Mike° Guest

    You haven't installed the patch?

    °Mike°, Sep 5, 2003
  14. Ted

    Ted Guest

    Not yet - you have to understand I only found about this tonight - doing it
    tomorrow - honest !

    - thing is - MY machine is firewalled and av'd up to the limit - so maybe I
    was insulated - but sis-in-law
    went on the net naked - if you see what I mean....she won't do it again !

    big thanks to all you top peeps !

    Ted, Sep 6, 2003
  15. Ted

    Mike0000 Guest

    Yes! Patch the system. Download the MSBlaster patch to a CD (or on a floppy
    if it fits). Run it, and then connect the computer to the internet.

    Or just run the blaster cleaning tool if you dont want to do a reinstall.
    Mike0000, Sep 6, 2003
  16. Ted

    jmnugent Guest neither .....I'm running WFWG....(kidding)....
    jmnugent, Sep 6, 2003
  17. Ted

    jeroen Guest

    Which rock have you been hiding under?

    You know, I can't even feel sorry for someone who's that stupid!
    jeroen, Sep 6, 2003
  18. Ted

    Ted Guest

    Please don't flame me - I haven't been hiding under any rock !!

    if you can't contribute anything positive to my post then please don't
    bother at all

    thanks for your understanding
    Ted, Sep 6, 2003
  19. Ted

    xman Charlie Guest

    This site address some of this:

    my 2 cents

    xman Charlie, Sep 7, 2003
  20. Ted

    Badger Guest

    Some people are soooo intolerant!
    This behaviour is a symptom of the Blast Worm. If you go to
    you will find a fix for it.
    Badger, Sep 9, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.