If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
This shutdown was initiated by NT AUTHORITY\SYSTEM
This shutdown was initiated by NT AUTHORITY\SYSTEM
|
Ads |
#2
|
|||
|
|||
This shutdown was initiated by NT AUTHORITY\SYSTEM
Possibility Blaster or Sasser:
http://www3.telus.net/dandemar/sasser.htm -- Jupiter Jones [MVP] http://www3.telus.net/dandemar/ "PK" wrote in message ... This shutdown was initiated by NT AUTHORITY\SYSTEM |
#3
|
|||
|
|||
This shutdown was initiated by NT AUTHORITY\SYSTEM
Greetings --
As you haven't provided any specific details or error messages, the following is the result of having to guess what your problem might be. There are at least two possibilities: 1) If you connected the PC to the Internet without having first enabled a firewall, without having first installed an antivirus application with current virus definition files, and before installing the KB828471 Hotfix, you're very likely to get infected from any of the thousands of PCs on the Internet that are constantly broadcasting the Blaster and/or Welchia worms. It only takes a few seconds of exposure. To stay on-line long enough to get the necessary updates, patches, and removal tools, click Start Run, and enter "shutdown -a" when the next RPC countdown begins. This will abort the shut down. Also, make sure you've enabled a firewall before starting, to preclude any more intrusions while getting the updates/patches/tools. MS04-012 Cumulative Update for Microsoft RPC-DCOM http://support.microsoft.com/default...b;en-us;828741 What You Should Know About the Blaster Worm http://www.microsoft.com/security/incident/blast.asp W32.Blaster.Worm a.k.a. W32/Lovesan.Worm http://www.symantec.com/avcenter/ven...ster.worm.html W32.Blaster.Worm Removal Tool http://www.symantec.com/avcenter/ven...oval.tool.html W32.Welchia.Worm a.k.a. W32/Nachi.Worm http://securityresponse.symantec.com...chia.worm.html W32.Welchia.Worm Removal Tool http://www.symantec.com/avcenter/ven...oval.tool.html McAfee AVERT Stinger http://us.mcafee.com/virusInfo/default.asp?id=stinger 2) You've apparently contracted the latest worm, W32.Sasser.Worm, specifically designed to attack people who do not update their computers promptly and who do not practice "safe hex." In other words, like Blaster, this worm was developed and distributed _after_ a patch for the vulnerability was announced and made publicly available. Further, and also like Blaster, this worm could not affect any computer whose user had taken the basic precaution of using a properly configured firewall. To stay on-line long enough to get the necessary updates, patches, and removal tools, click Start Run, and enter "shutdown -a" when the next Shutdown countdown begins. This will abort the shut down. Also, make sure you've enabled a firewall before starting, to preclude any more intrusions while getting the updates/patches/tools. What You should Know about the Sasser Worm and its Variants http://www.microsoft.com/security/incident/sasser.asp Microsoft Security Bulletin MS04-011 http://www.microsoft.com/technet/sec.../MS04-011.mspx W32.Sasser.Worm http://www.symantec.com/avcenter/ven...sser.worm.html A tool is available to remove the Sasser worm variants http://support.microsoft.com/default...b;EN-US;841720 W32.Sasser.Worm Removal Tool http://securityresponse.symantec.com...oval.tool.html McAfee AVert Stinger Virus Removal Tool http://vil.nai.com/vil/stinger/ Bruce Chambers -- Help us help you: http://dts-l.org/goodpost.htm http://www.catb.org/~esr/faqs/smart-questions.html You can have peace. Or you can have freedom. Don't ever count on having both at once. - RAH "PK" wrote in message ... This shutdown was initiated by NT AUTHORITY\SYSTEM |
Thread Tools | |
Display Modes | |
|
|