Solved

New laptop reboots after 60 second countdown (Sasser and Blaster Worm - Not detected)

Posted on 2006-07-19
8
618 Views
Last Modified: 2013-12-04
Hello

I'm hoping someone can help me!
Yesterday i received a brand new Dell Latitude D620 laptop at work. With XP + SP2.
I went through the XP setup process as normal, joined the laptop to our domain, disabled the XP firewall, installed McAfee AntiVirus (which is out of date), tried to run the update which took an age and seemingly hasn't worked.
Since then, when i power on the laptop after about 90 seconds max, i receive the NTAuthority shutdown in 60 secs message. Each time it displays a different process at fault eg. lsass.exe, services.exe and even the DCOM Server Process Launcher.
In safe mode i have used the symantec sasser and blaster removal tools, both saying that they couldn't find either.
NAI - Stinger does not detect anything and the MS Malicious S/Ware Removal Tool detects nothing untoward either!
I have tried to update McAfee AV but the framepkg service won't run in safe mode. Also i am unable to restart the XP firewall due to an unidentifed problem.

Does anyone have any help or advice please?

Thanks
0
Comment
Question by:paulbutty
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17137712
Hi,

>>Also i am unable to restart the XP firewall due to an unidentifed problem.<<

1. Check the registry if these were created to disable it:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000

------------
values set to zero --> disables it and it greys out the buttons so it can not be changed
values set to 1      --> enables it and greys out the buttons so that it can not be changed
The value has to be removed so that the firewall is not set either way and you have control over it.
It's your choice to set it to 1 or delete the value.(either way it will enable your firewall)


2. Please let us look at your hijackthis log.
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.




0
 

Author Comment

by:paulbutty
ID: 17138141
Thanks rpggamergirl

As requested....

http://www.rafb.net/paste/results/3tsMxb58.html

Thanks
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17138248

try this:

log on as you would normal do,

then goto start->run
and type (without quotes)
"Shutdown -a"

if it is correct, this should cancel the shutdown timer

now you have the time to test things
0
 

Author Comment

by:paulbutty
ID: 17139526
I have posted the hijackthis log on the URL in my last post.

The firewall has started in safe mode but will not start on normal boot up, ICS service is disabled, when i try to start the service it encounters an unknown error.

Before the system starts to crash, the toolbar and desktop icons disappear preventing me from using the shutdown - a method, in fact it prevents me from doing anything at all until it reboots!

This is now driving me mad...

0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 5

Expert Comment

by:georgecooldude
ID: 17142075
This is also bugging the hell of out me as we have Dell and McAfee. Its a known issue. Apparently McAfee fixed this in patch 11 however it doesnt work for me. Its the bluewave corp sound program thing that now comes pre-installed that affects it. Its NO virus.

For now the only solution is to reformat with windows and leave out all the junk software dell are now bundling with mahcines. I have resorted to making a nice clean image and using a program called slurpdisk to image the machine. THen when I get a new laptop put in a couple commands and bingo brand new machine and mcafee works fine cos the nasty dell software is no longer on the machine!!
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17142128
Before the system starts to crash, the toolbar and desktop icons disappear preventing me from using the shutdown - a method,

and by pressing control + alt + del
file -> new task "shutdown -a"
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 17142994
0
 

Author Comment

by:paulbutty
ID: 17146356
Thanks for all your help & advice people, i now have a working laptop

Brief solution (as per rpggamergirl's link) for those that are interested:-

In safe mode, use msconfig to disable Network Associates McShield, Network Associates TaskManager and McAfee Framework Service from start up.
Reboot into normal mode
Download & Install patch 11 for VirusScan Enterprise V8.0i from McAfee download site, ignoring any errors
Restart the 3 services in msconfig
Reboot...
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
OfficeMate Freezes on login or does not load after login credentials are input.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now