RE: pc keeps rebooting

From: Malke (malke_at_nospoonnotreally.com)
Date: 09/08/04


Date: Tue, 07 Sep 2004 19:56:58 -0700

pissed off at stupidity wrote:

> Ah! Another unprotected computer, able to spread the infection to
> other similarly unprotected computers.
>
> "Kim" wrote:
>
>> Hi
>> I join the web and within a minute I get a message that
>> reads
>> The system process C:\WINDOWS\system32\lsass.exe
>> terminated unexpectedly with status code 1073741819
>> initiated by NT Authority\system.
>>
>> The pc counts down from 59 seconds and reboots. How can I
>> stop it from doing this?
>> PLEASE help.
>> Thank you.
>> Kim
>> xp pro
>>

You *do* have a virus - either the MSBlaster or the Sasser. Here is
information:

Sounds like you've gotten caught by the Sasser worm. To stop the
rebooting, go to Start>Run and type "shutdown -a" without the quotes.
For information about the worm, go here:

http://www.sarc.com/avcenter/venc/data/w32.sasser.worm.html

Get the worm off your system and then immediately patch XP:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx -
TechNet bulletin with download links
http://windowsupdate.microsoft.com

Install an antivirus program and keep it updated. Install a firewall. XP
has a built-in firewall, or there are free alternatives like Zone Alarm
or Sygate. Be aware that cleanup may be complex - we are now seeing
that infected computers usually have more than one variant of Sasser,
as well as one or more instances of a polybot worm from the
Gaobot/Agobot family.

And in case your infection has disabled any antivirus you may have had
(and you won't be able to install AV on an infected machine):

1) Take the infected machine off the Internet and any LAN immediately.
2) From a different, clean machine download Stinger
(http://vil.nai.com/vil/stinger/) and run it in Safe Mode. Stinger is a
limited virus checker, but its advantage is that it is standalone and
doesn't need to be installed.
3) Hope that Stinger cleans up the machine enough to be able to
reinstall your AV or install a new, current one. Update its definitions
and do a full scan.
4) Continue the cleaning process by removing any spyware with Spybot
Search & Destroy (http://www.safer-networking.org) and Ad-aware
(http://www.lavasoftusa.com). These programs are free, so run them both
since they complement each other. You may also want to run CWShredder
and HijackThis from http://aumha.org/freeware.htm. Although CWShredder
is no longer being updated, it will still clean older variants of the
CoolWebSearch malware. Be sure to update these programs before running
them. Always read the instructions before running a spyware removal
tool. It is best to run antivirus and spyware removal tools in Safe
Mode.

Malke

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

