Solved

New laptop reboots after 60 second countdown (Sasser and Blaster Worm - Not detected)

Posted on 2006-07-19
Last Modified: 2013-12-04
Hello

I'm hoping someone can help me!
Yesterday I received a brand new Dell Latitude D620 laptop at work. With XP + SP2.
I went through the XP setup process as normal, joined the laptop to our domain, disabled the XP firewall, installed McAfee AntiVirus (which is out of date), tried to run the update which took an age and seemingly hasn't worked.
Since then, when I power on the laptop, after about 90 seconds max I receive the NTAuthority shutdown in 60 secs message. Each time it displays a different process at fault, e.g. lsass.exe, services.exe and even the DCOM Server Process Launcher.
In safe mode I have used the Symantec Sasser and Blaster removal tools, both saying that they couldn't find either.
NAI - Stinger does not detect anything and the MS Malicious S/Ware Removal Tool detects nothing untoward either!
I have tried to update McAfee AV but the framepkg service won't run in safe mode. Also I am unable to restart the XP firewall due to an unidentified problem.

Does anyone have any help or advice please?

Thanks
0
Question by:paulbutty
8 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17137712
Hi,

>>Also I am unable to restart the XP firewall due to an unidentified problem.<<

1. Check the registry if these were created to disable it:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000

------------
values set to zero --> disables it and greys out the buttons so that it cannot be changed
values set to 1      --> enables it and greys out the buttons so that it cannot be changed
The value has to be removed so that the firewall is not set either way and you have control over it.
It's your choice to set it to 1 or delete the value (either way it will enable your firewall).


2. Please let us look at your HijackThis log.
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open HijackThis, click "Do a system scan and save a logfile"; don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your PC to the location of your HijackThis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.




0
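The three policy states described in the post above (forced off, forced on, value absent), as an added example that is not part of the original thread: it reads the text of a `reg export` of the policy key and reports the state of each profile. The sample export and the function names are constructed for illustration.

```python
import re

# Key path and profile names as quoted in the post above.
POLICY_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall"
PROFILES = ("DomainProfile", "StandardProfile")

# Constructed sample of a .reg export (real exports are UTF-16; decode first).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000001
'''

def parse_reg(text):
    """Parse .reg text into {lowercased key path: {lowercased name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, data = m.groups()
            d = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
            current[name.lower()] = int(d.group(1), 16) if d else data
    return keys

def firewall_policy_state(text):
    """Classify each profile per the post: 0 forces off, 1 forces on, absent = user control."""
    keys = parse_reg(text)
    result = {}
    for profile in PROFILES:
        values = keys.get((POLICY_ROOT + "\\" + profile).lower(), {})
        value = values.get("enablefirewall")
        if value is None:
            result[profile] = "user-controlled"
        elif value == 0:
            result[profile] = "forced-off"
        elif value == 1:
            result[profile] = "forced-on"
        else:
            result[profile] = "unexpected value"
    return result
```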
 

Author Comment

by:paulbutty
ID: 17138141
Thanks rpggamergirl

As requested....

http://www.rafb.net/paste/results/3tsMxb58.html

Thanks
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17138248

try this:

log on as you would normally do,

then go to start->run
and type (without quotes)
"Shutdown -a"

if it is correct, this should cancel the shutdown timer

now you have the time to test things
0
 

Author Comment

by:paulbutty
ID: 17139526
I have posted the HijackThis log on the URL in my last post.

The firewall has started in safe mode but will not start on normal boot up. The ICS service is disabled; when I try to start the service it encounters an unknown error.

Before the system starts to crash, the toolbar and desktop icons disappear, preventing me from using the shutdown -a method; in fact it prevents me from doing anything at all until it reboots!

This is now driving me mad...

0
 
LVL 5

Expert Comment

by:georgecooldude
ID: 17142075
This is also bugging the hell out of me as we have Dell and McAfee. It's a known issue. Apparently McAfee fixed this in patch 11, however it doesn't work for me. It's the bluewave corp sound program thing that now comes pre-installed that affects it. It's NO virus.

For now the only solution is to reformat with Windows and leave out all the junk software Dell are now bundling with machines. I have resorted to making a nice clean image and using a program called slurpdisk to image the machine. Then when I get a new laptop, put in a couple of commands and bingo, brand new machine, and McAfee works fine cos the nasty Dell software is no longer on the machine!!
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17142128
>>Before the system starts to crash, the toolbar and desktop icons disappear preventing me from using the shutdown -a method,<<

and by pressing control + alt + del
file -> new task "shutdown -a"
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 17142994
0
 

Author Comment

by:paulbutty
ID: 17146356
Thanks for all your help & advice people, I now have a working laptop

Brief solution (as per rpggamergirl's link) for those that are interested:-

In safe mode, use msconfig to disable Network Associates McShield, Network Associates TaskManager and McAfee Framework Service from start up.
Reboot into normal mode
Download & Install patch 11 for VirusScan Enterprise V8.0i from McAfee download site, ignoring any errors
Restart the 3 services in msconfig
Reboot...
0
