• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 378
  • Last Modified:

Users PC shutting itself down

Users PC keeps shutting down. Havent had a chance to look at it, but isnt this an old worm from a few years back? Would the stinger tool clean this up?

If I am wrong, please provide a link where I can get cleaner tool and how to stop it from shutting down (i think its  shutdown -a)?
  • 3
1 Solution
Hello dissolved =)

Is it giving the 60 second countdowner message ?? if Yes then its Sasser =\
What You Should Know About the Sasser Worm and Its Variants:

Apply MS Security Bulletin:

Use One of the Following Removal Tools to Delete the Virus:
1) Sasser (A-F) Worm Removal Tool (KB841720) >> http://www.microsoft.com/downloads/details.aspx?familyid=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en

2) FxSasser.exe.from Symantec >> http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

3) Stinger from McAfee >> http://vil.nai.com/vil/stinger/

4) SysClean PACKAGE from TrendMicro >> http://www.trendmicro.com/download/dcs.asp

5) SASSGUI\SASSSFX from Sophos >> http://www.sophos.com/support/disinfection/sasser.html

6) ClnSasser from Computer Associates >> http://www3.ca.com/Files/VirusInformationAndPrevention/clnsasser.zip

7) F-Sasser from F-Secure >> http://www.f-secure.com/tools/f-sasser.zip

8) SasserFix2 from Norman >> http://www.norman.com/Virus/Virus_removal_tools/14938

9) QuickRemover from Panda >> http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=sol&idvirus=46865
NOTE: plzz see the Relevant Sites for FULL Instructions on Removal in the First Link Before using the Tools
And if its the 30 seconds countdowner message of "NT Authority\System Error Message: "This system is shutting down. Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly."
Then its Blaster !!

What You Should Know About the Blaster Worm:

Apply Microsoft Security Bulletin MS03-039:


Blaster Worm Removal Tool for Windows XP and Windows 2000 (KB833330) >> http://www.microsoft.com/downloads/details.aspx?FamilyID=e70a0d8b-fe98-493f-ad76-bf673a38b4cf&displaylang=en

FixBlast.exe from Symantec >> http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Stinger from McAfee >> http://vil.nai.com/vil/stinger/

Trend Micro >>  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A

Computer Associates >> http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=36265

F-Secure >> http://www.f-secure.com/v-descs/msblast.shtml
dissolvedAuthor Commented:
thanks bud
You are Welcome! :)

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now