Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 626
  • Last Modified:

New laptop reboots after 60 second countdown (Sasser and Blaster Worm - Not detected)

Hello

I'm hoping someone can help me!
Yesterday i received a brand new Dell Latitude D620 laptop at work. With XP + SP2.
I went through the XP setup process as normal, joined the laptop to our domain, disabled the XP firewall, installed McAfee AntiVirus (which is out of date), tried to run the update which took an age and seemingly hasn't worked.
Since then, when i power on the laptop after about 90 seconds max, i receive the NTAuthority shutdown in 60 secs message. Each time it displays a different process at fault eg. lsass.exe, services.exe and even the DCOM Server Process Launcher.
In safe mode i have used the symantec sasser and blaster removal tools, both saying that they couldn't find either.
NAI - Stinger does not detect anything and the MS Malicious S/Ware Removal Tool detects nothing untoward either!
I have tried to update McAfee AV but the framepkg service won't run in safe mode. Also i am unable to restart the XP firewall due to an unidentifed problem.

Does anyone have any help or advice please?

Thanks
0
paulbutty
Asked:
paulbutty
  • 3
  • 2
  • 2
  • +1
1 Solution
 
rpggamergirlCommented:
Hi,

>>Also i am unable to restart the XP firewall due to an unidentifed problem.<<

1. Check the registry if these were created to disable it:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000

------------
values set to zero --> disables it and it greys out the buttons so it can not be changed
values set to 1      --> enables it and greys out the buttons so that it can not be changed
The value has to be removed so that the firewall is not set either way and you have control over it.
It's your choice to set it to 1 or delete the value.(either way it will enable your firewall)


2. Please let us look at your hijackthis log.
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.




0
 
paulbuttyAuthor Commented:
Thanks rpggamergirl

As requested....

http://www.rafb.net/paste/results/3tsMxb58.html

Thanks
0
 
Mark_FreeSoftwareCommented:

try this:

log on as you would normal do,

then goto start->run
and type (without quotes)
"Shutdown -a"

if it is correct, this should cancel the shutdown timer

now you have the time to test things
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
paulbuttyAuthor Commented:
I have posted the hijackthis log on the URL in my last post.

The firewall has started in safe mode but will not start on normal boot up, ICS service is disabled, when i try to start the service it encounters an unknown error.

Before the system starts to crash, the toolbar and desktop icons disappear preventing me from using the shutdown - a method, in fact it prevents me from doing anything at all until it reboots!

This is now driving me mad...

0
 
georgecooldudeCommented:
This is also bugging the hell of out me as we have Dell and McAfee. Its a known issue. Apparently McAfee fixed this in patch 11 however it doesnt work for me. Its the bluewave corp sound program thing that now comes pre-installed that affects it. Its NO virus.

For now the only solution is to reformat with windows and leave out all the junk software dell are now bundling with mahcines. I have resorted to making a nice clean image and using a program called slurpdisk to image the machine. THen when I get a new laptop put in a couple commands and bingo brand new machine and mcafee works fine cos the nasty dell software is no longer on the machine!!
0
 
Mark_FreeSoftwareCommented:
Before the system starts to crash, the toolbar and desktop icons disappear preventing me from using the shutdown - a method,

and by pressing control + alt + del
file -> new task "shutdown -a"
0
 
paulbuttyAuthor Commented:
Thanks for all your help & advice people, i now have a working laptop

Brief solution (as per rpggamergirl's link) for those that are interested:-

In safe mode, use msconfig to disable Network Associates McShield, Network Associates TaskManager and McAfee Framework Service from start up.
Reboot into normal mode
Download & Install patch 11 for VirusScan Enterprise V8.0i from McAfee download site, ignoring any errors
Restart the 3 services in msconfig
Reboot...
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now