Solved

New laptop reboots after 60 second countdown (Sasser and Blaster Worm - Not detected)

Posted on 2006-07-19
Last Modified: 2013-12-04
Hello

I'm hoping someone can help me!
Yesterday I received a brand new Dell Latitude D620 laptop at work, with XP + SP2.
I went through the XP setup process as normal, joined the laptop to our domain, disabled the XP firewall, installed McAfee AntiVirus (which is out of date), tried to run the update which took an age and seemingly hasn't worked.
Since then, when I power on the laptop, after about 90 seconds max I receive the NTAuthority shutdown in 60 secs message. Each time it displays a different process at fault, e.g. lsass.exe, services.exe and even the DCOM Server Process Launcher.
In safe mode I have used the Symantec Sasser and Blaster removal tools, both saying that they couldn't find either.
NAI - Stinger does not detect anything and the MS Malicious S/Ware Removal Tool detects nothing untoward either!
I have tried to update McAfee AV but the framepkg service won't run in safe mode. Also I am unable to restart the XP firewall due to an unidentified problem.

Does anyone have any help or advice please?

Thanks
Question by:paulbutty
8 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17137712
Hi,

>>Also I am unable to restart the XP firewall due to an unidentified problem.<<

1. Check the registry if these were created to disable it:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000

------------
values set to zero --> disables it and greys out the buttons so it cannot be changed
values set to 1      --> enables it and greys out the buttons so that it cannot be changed
The value has to be removed so that the firewall is not set either way and you have control over it.
It's your choice to set it to 1 or delete the value (either way it will enable your firewall).


2. Please let us look at your HijackThis log.
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open HijackThis, click "Do a system scan and save a logfile", don't fix anything yet.

Then go to the below link and log in using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.




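The registry check from step 1 of the comment above, as an added example that is not part of the original thread. It assumes a Windows host with PowerShell 3.0 or later and an elevated prompt; the function name Get-FirewallPolicyState and its state labels are hypothetical, only the two key paths and the EnableFirewall value come from the post.

```powershell
# Added example: report whether the Windows Firewall policy values named in
# the post are present, and what they force. Read-only; nothing is changed.
$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$profiles = 'DomainProfile', 'StandardProfile'

function Get-FirewallPolicyState {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$KeyPath)

    # No policy key at all: the firewall setting is left to the local user.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return 'NotConfigured (key absent)'
    }

    # Key exists but the value may not; suppress the "property not found" error.
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name 'EnableFirewall' `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return 'NotConfigured (value absent)'
    }

    # 0 and 1 both lock the setting in the UI, as described in the post.
    switch ($item.EnableFirewall) {
        0       { 'ForcedOff (UI greyed out)' }
        1       { 'ForcedOn (UI greyed out)' }
        default { "Unexpected value: $($item.EnableFirewall)" }
    }
}

foreach ($p in $profiles) {
    $path = Join-Path $base $p
    [pscustomobject]@{
        Profile = $p
        Key     = $path
        State   = Get-FirewallPolicyState -KeyPath $path
    }
}

# To hand control back to the local setting, remove the value. -WhatIf only
# previews the change; drop it to actually delete.
# Remove-ItemProperty -LiteralPath (Join-Path $base 'DomainProfile') `
#                     -Name 'EnableFirewall' -WhatIf
```

On a domain-joined machine these values are normally written by Group Policy, so a deleted value comes back at the next policy refresh unless the policy itself is changed.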
 

Author Comment

by:paulbutty
ID: 17138141
Thanks rpggamergirl

As requested....

http://www.rafb.net/paste/results/3tsMxb58.html

Thanks
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17138248

Try this:

Log on as you would normally do,

then go to Start -> Run
and type (without quotes)
"Shutdown -a"

If it is correct, this should cancel the shutdown timer.

Now you have the time to test things.
 

Author Comment

by:paulbutty
ID: 17139526
I have posted the HijackThis log on the URL in my last post.

The firewall has started in safe mode but will not start on normal boot up. The ICS service is disabled; when I try to start the service it encounters an unknown error.

Before the system starts to crash, the toolbar and desktop icons disappear, preventing me from using the shutdown -a method. In fact it prevents me from doing anything at all until it reboots!

This is now driving me mad...


 
LVL 5

Expert Comment

by:georgecooldude
ID: 17142075
This is also bugging the hell out of me as we have Dell and McAfee. It's a known issue. Apparently McAfee fixed this in patch 11, however it doesn't work for me. It's the bluewave corp sound program thing that now comes pre-installed that affects it. It's NO virus.

For now the only solution is to reformat with Windows and leave out all the junk software Dell are now bundling with machines. I have resorted to making a nice clean image and using a program called slurpdisk to image the machine. Then when I get a new laptop, I put in a couple of commands and bingo, brand new machine, and McAfee works fine cos the nasty Dell software is no longer on the machine!!
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17142128
Before the system starts to crash, the toolbar and desktop icons disappear preventing me from using the shutdown - a method,

and by pressing control + alt + del
file -> new task "shutdown -a"
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 17142994
 

Author Comment

by:paulbutty
ID: 17146356
Thanks for all your help & advice people, I now have a working laptop.

Brief solution (as per rpggamergirl's link) for those that are interested:-

In safe mode, use msconfig to disable Network Associates McShield, Network Associates TaskManager and McAfee Framework Service from start up.
Reboot into normal mode
Download & Install patch 11 for VirusScan Enterprise V8.0i from McAfee download site, ignoring any errors
Restart the 3 services in msconfig
Reboot...