Page 1 of 1
My computer's spontaneously shutting down.
Posted: 2004-05-03 04:04pm
by Rogue 9
Error Message wrote:This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was authorized by NT AUTHORITY\SYSTEM. Timer countdown.
The system process C:\WINDOWS\system32\lsass.exe terminated unexpectedly with status code -1073741819. The system will now shut down and restart.
Anybody know what the hell this is? I have no clue how long I have until it does this again; it just happened twice within five minutes. Its doing it again right now. What the hell?
Okay, that's all of it. I'm running Windows XP. What gives? Its done it five times now.
Posted: 2004-05-03 04:08pm
by Hamel
2000/NT/XP?
This happens when ya end one of the svchost processes in task manager. Something might be killing it.
Posted: 2004-05-03 04:12pm
by Rogue 9
I'm getting as much of it as I can while the timer's running. That's almost all of it.
Posted: 2004-05-03 04:35pm
by Hamel
Rogue 9 wrote:I'm getting as much of it as I can while the timer's running. That's almost all of it.
Try running in safe mode, and if possible, scan for viruses. Something is killing critical system processes.
Posted: 2004-05-03 04:36pm
by Rogue 9
Won't let me get through a virus scan. Not enough time. It seems to be getting more frequent.
Posted: 2004-05-03 04:38pm
by Hamel
Rogue 9 wrote:Won't let me get through a virus scan. Not enough time. It seems to be getting more frequent.
Boot from your OS' CD and use the recovery console to repair your installation. At the most you would replace the OS, and would not lose your other files.
Posted: 2004-05-03 04:39pm
by Dahak
That, my friend, is the sasser virus.
Useful information
Posted: 2004-05-03 04:48pm
by Rogue 9
Damn, its doing it again and the virus scan didn't find it first.
Posted: 2004-05-03 04:54pm
by Dahak
Rogue 9 wrote:Damn, its doing it again and the virus scan didn't find it first.
Download the patch
here.
Download removal tool
here.
Posted: 2004-05-03 04:54pm
by Rogue 9
Shuts down before the download completes. I've been trying it.
Posted: 2004-05-03 04:56pm
by Hamel
Rogue 9 wrote:Shuts down before the download completes. I've been trying it.
Have you tried safe mode or the recovery console yet?
Posted: 2004-05-03 04:58pm
by Dahak
Rogue 9 wrote:Shuts down before the download completes. I've been trying it.
When it shuts down, go to start menu -> run, and type "shutdown -a" in it.
Posted: 2004-05-03 04:59pm
by Rogue 9
WOOHOO! VICTORY IS MINE!
It was Sasser B. I just hope there's not another copy on here...
Edit: The file name was C:\WINDOWS\avserve2.exe
Posted: 2004-05-03 07:17pm
by phongn
This is why you routinely go to Windows Update or have it automatically update for you. The patch has been out for more than two weeks.
Posted: 2004-05-03 09:16pm
by Xon
Do your self and the world a favour.
Put a router/hardware/software firewall between your computer and the internet and block the TCP/IP ports: 139-445.
Those ports have known security issues, do not allow them to be exposed to the internet. Exposing this ports to the internet is a stupid(And in Australia aurgably criminal) thing todo.
Posted: 2004-05-03 09:33pm
by Pu-239
Why not everything below, say, 1500-2000 (exempting P2P software)? Anyway, I just nmapped the win2k computer upstairs (not mine, my sister's).
Nmap of Win2k computer upstairs:
Code: Select all
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
1002/tcp open windows-icfw
1025/tcp open NFS-or-IIS
1720/tcp open H.323/Q.931
Can anyone explain what is happening above? I'm not a windows expert.
Also note that this computer is deliberately connected to the internet w/o any software firewall, since it interferes with internet connection sharing (so how do I rectify this and still allow ICS to work.. yes, I will claim writing IPTables scripts is 1000x easier to understand)(my sister insists on having it dial out directly when she is home, despite the fact that things are noticibly faster when things are routed through a caching proxy server
. She also insists on using IE... it's been amazing how no malware is on it yet (then again, lots of malware probably is on it, just undetected due to lack of spyware removal programs)).
Posted: 2004-05-03 09:50pm
by phongn
You are playing with fire not having anything on it. If she gets hit, browbeat her into letting you put something on ... and software firewalls should cooperate with ICS since you have the option of only blocking the dial-up networking adapter.
Port 135 is the Remote Procedure Call service. You can't shut that down.
Port 139 is for NetBIOS-based SMB/CIFS networking
Port 389 is for LDAP authentication (i.e. ActiveDirectory)
Port 1002 looks like its related to the built-in Windows firewall but it can also be used for NetMeeting
Port 1025 is related to IIS ... does she have Personal Web Sharing enabled?
Port 1720 is for various interactive media stuff.
Posted: 2004-05-03 11:58pm
by Pu-239
I don't think she is using PWS or videoconferencing.... oh, and the udp scan:
Code: Select all
PORT STATE SERVICE
53/udp open domain
135/udp open msrpc
137/udp open netbios-ns
138/udp open netbios-dgm
445/udp open microsoft-ds
500/udp open isakmp
I've never gotten IPSEC to work w/ ICS blocking all ports listed by nmap or using KPF w/o having timeout errors, even with sharing explicitly enabled for KPF... need to look at it if/when computer upstairs gets nuked, since currently not allowed to use computer.
Posted: 2004-05-04 08:46pm
by Stark
I occassionally get the same error and shutdown after a few hours of downloading with emule; I've got no virus activity tho. Bloody emule
