Solved

New laptop reboots after 60 second countdown (Sasser and Blaster Worm - Not detected)

Posted on 2006-07-19
Last Modified: 2013-12-04
Hello

I'm hoping someone can help me!
Yesterday I received a brand new Dell Latitude D620 laptop at work, with XP + SP2.
I went through the XP setup process as normal, joined the laptop to our domain, disabled the XP firewall, installed McAfee AntiVirus (which is out of date), tried to run the update which took an age and seemingly hasn't worked.
Since then, when I power on the laptop, after about 90 seconds max I receive the NTAuthority shutdown in 60 secs message. Each time it displays a different process at fault, e.g. lsass.exe, services.exe and even the DCOM Server Process Launcher.
In safe mode I have used the Symantec Sasser and Blaster removal tools, both saying that they couldn't find either.
NAI - Stinger does not detect anything and the MS Malicious S/Ware Removal Tool detects nothing untoward either!
I have tried to update McAfee AV but the framepkg service won't run in safe mode. Also I am unable to restart the XP firewall due to an unidentified problem.

Does anyone have any help or advice please?

Thanks
0
Question by:paulbutty
8 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17137712
Hi,

>>Also I am unable to restart the XP firewall due to an unidentified problem.<<

1. Check the registry to see if these were created to disable it:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000

------------
values set to zero --> disables it and greys out the buttons so that it cannot be changed
values set to 1    --> enables it and greys out the buttons so that it cannot be changed
The value has to be removed so that the firewall is not set either way and you have control over it.
It's your choice to set it to 1 or delete the value (either way it will enable your firewall).


2. Please let us look at your hijackthis log.
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open HijackThis, click "Do a system scan and save a logfile"; don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.




0
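The policy check from step 1 of the answer above, as an added example that is not part of the original post: it reads the text of a regedit export and reports, per firewall profile, whether `EnableFirewall` is forced off, forced on, or absent. The sample export is constructed, and the function names are hypothetical.

```python
import re

# Semantics as described in the answer above: 0 forces the firewall off,
# 1 forces it on, and an absent value leaves control with the local user.
POLICY_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall"
PROFILES = ("DomainProfile", "StandardProfile")

# Constructed sample of a regedit export (not taken from the asker's machine).
# Real "Version 5.00" exports are UTF-16; decode the file before passing it in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DoNotAllowExceptions"=dword:00000000
'''

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: int}} for dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def firewall_policy_state(text):
    """Classify each profile's EnableFirewall policy value."""
    keys = parse_reg(text)
    report = {}
    for profile in PROFILES:
        values = keys.get((POLICY_ROOT + "\\" + profile).lower(), {})
        setting = values.get("enablefirewall")
        if setting is None:
            report[profile] = "user-controlled"   # value absent: no policy lock
        elif setting == 0:
            report[profile] = "forced-off"        # disabled, buttons greyed out
        elif setting == 1:
            report[profile] = "forced-on"         # enabled, buttons greyed out
        else:
            report[profile] = "unexpected-value"
    return report

if __name__ == "__main__":
    for profile, state in firewall_policy_state(SAMPLE_EXPORT).items():
        print(f"{profile}: {state}")
```

A "forced-off" result on a machine where nobody set that policy deliberately is worth tracing back to the Group Policy object or software that wrote it.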
 

Author Comment

by:paulbutty
ID: 17138141
Thanks rpggamergirl

As requested....

http://www.rafb.net/paste/results/3tsMxb58.html

Thanks
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17138248

Try this:

Log on as you would normally do,

then go to Start -> Run
and type (without quotes)
"Shutdown -a"

If it is correct, this should cancel the shutdown timer.

Now you have the time to test things.
0
 

Author Comment

by:paulbutty
ID: 17139526
I have posted the hijackthis log on the URL in my last post.

The firewall has started in safe mode but will not start on normal boot up. The ICS service is disabled; when I try to start the service it encounters an unknown error.

Before the system starts to crash, the toolbar and desktop icons disappear, preventing me from using the shutdown -a method. In fact it prevents me from doing anything at all until it reboots!

This is now driving me mad...

0
 
LVL 5

Expert Comment

by:georgecooldude
ID: 17142075
This is also bugging the hell out of me as we have Dell and McAfee. It's a known issue. Apparently McAfee fixed this in patch 11, however it doesn't work for me. It's the bluewave corp sound program thing that now comes pre-installed that affects it. It's NO virus.

For now the only solution is to reformat with Windows and leave out all the junk software Dell are now bundling with machines. I have resorted to making a nice clean image and using a program called slurpdisk to image the machine. Then when I get a new laptop I put in a couple of commands and bingo, brand new machine, and McAfee works fine cos the nasty Dell software is no longer on the machine!!
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17142128
Before the system starts to crash, the toolbar and desktop icons disappear, preventing me from using the shutdown -a method,

and by pressing Control + Alt + Del
File -> New Task "shutdown -a"
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 17142994
0
 

Author Comment

by:paulbutty
ID: 17146356
Thanks for all your help & advice people, I now have a working laptop.

Brief solution (as per rpggamergirl's link) for those that are interested:-

In safe mode, use msconfig to disable Network Associates McShield, Network Associates TaskManager and McAfee Framework Service from start up.
Reboot into normal mode
Download & Install patch 11 for VirusScan Enterprise V8.0i from McAfee download site, ignoring any errors
Restart the 3 services in msconfig
Reboot...
0
