Nt Authority/system. Auto Shutdown

throwingapie · Aug 12, 2003

hi all,

i am using Windows2000 and i connect to the internet through a ADSL modem. all was working fine till last nite when a pop window saying

The system is shutting dow. Please save all your work before you log off. All unsaed data will be lost. This shutdown is initiated by NT AUTHORITY/SYSTEM. Shutdown is as a result of remote procedure call due to unexpected termniation.

or sth to that effect.

what the hell is happening here

tried looking for information on google but couldnt find any.

if the pc is not connected to the internet all works fine.

any help would be greatly apprectiated !

thanks mates

dusteve · Aug 12, 2003

I thought it was just me. I had the same problem and I got into work this morning and another guy it as well.

Anyone any ideas??

Thanks

dusteve

nhalfyard · Aug 12, 2003

Found a solution

go to this web page http://www.jsiinc.com/SUBK/tip5000/rh5044.htm

I have not tried it yet but it could be the solution and sounds about right.

arlonharrison77 · Aug 13, 2003

This is a VIRUS

Most likely. I have heard about it. There is a patch available... but I don't recall where. Good luck! I'd give you some advice on wasy to disable it, but you have to fast at REGEDIT and know what is supposed to boot on your PC. there is a patch available for this virus however... if you can download it 59 seconds. Again, good luck!

nhalfyard · Aug 13, 2003

I'm just wainting to speak to microsoft, I hoped it was not a virus, but could it be the WIN32 worm virus?

arlonharrison77 · Aug 13, 2003

You may want to check out http://nwn.bioware.com/forums/viewtopic.html?topic=251421&forum=42
This is just another discussion board, but there is a lot of useful info and links to some sites that may help you solve your problem

arlonharrison77 · Aug 13, 2003

a patch is available at <URL>http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp</URL> Pick your OS... and download. (cross your fingers, you've only got 59 seconds to get this. If you've got 2000 (please say you do) it is only 900 k, and will take about five minutes. ****! that won't work. There is a way to disable the virus (or at least the shutdown) but I don't recall what it is... or how to do it.

I could probably handle it in the registry, but as I don't have an NT computer, or the virus to play with... I don't know where it stores the launch data.

However, programs are told to launch from the following locations
If you are desperate, just delete everything from those keys. (it shouldn't kill your PC... but you may be out a driver or two and some programs you have set to startup won't start anymore... that is the least of your worries, though.)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

arlonharrison77 · Aug 13, 2003

The virus name is msblast.exe. If you see this on your computer, your infected. It is also known as the Lovsan worm.

This data came from http://www.f-secure.com/v-descs/msblast.shtml

How to get rid of Lovsan worm in 5 minutes:

1. Boot up the infected computer

2. If you keep getting the "Shutdown in 60 seconds" dialog, click Start / Run, and execute command 'shutdown -a'

3. Download and run the Microsoft patch to close the RPC hole.

Download for Windows 2000 from www.microsoft.com:
http://www.f-secure.com/dl-w2k/

Download for Windows XP from www.microsoft.com:
http://www.f-secure.com/dl-wxp/

4. Download and run F-Secure's F-LOVSAN tool to remove the virus:
ftp://ftp.f-secure.com/anti-virus/tools/f-lovsan.zip

5. You're done.

nhalfyard · Aug 13, 2003

Great! My father in law also has it on two of his computers, I'm not at home now so I cant try it but I will get my father in law on the case!

throwingapie · Aug 15, 2003

thanks mates

managed to get the patch from the microsoft website.

installed zonealarm too !!

tap

Clem$Idia · Aug 16, 2003

i just did control . alt . delete, went into processes and ended msblast.exe process.

im running windows xp
For now i have to do that everytime i start my computer.
It will give you enough time to download any patch you may need.

Hope it Helps,
Guertrude

clara2172 · Aug 25, 2003

THANK YOU SO MUCH FOR THE HELP, IT SAVED ME FROM GOING 2 A PROFESSIONAL!!!!!

mschatz · Jul 8, 2004

What? I thought ALL the people here were 'PROFESSIONALS'!

DoZZa · Jul 12, 2004

to stop the virus shutting you down, open the command prompt and type shutdown -a

this will stop it from shutting down allowing you to com,pleate the patch download

Nt Authority/system. Auto Shutdown

throwingapie

Registered

dusteve

Registered

nhalfyard

Registered

arlonharrison77

Registered

nhalfyard

Registered

arlonharrison77

Registered

arlonharrison77

Registered

arlonharrison77

Registered

nhalfyard

Registered

throwingapie

Registered

Clem$Idia

Registered

clara2172

Registered

mschatz

Registered

DoZZa

Registered