CBHelpDesk

asked on

Windows XP Shutdown -- Status Code 1073741819

I have a user who has an XP machine w/ SP2 and has the most current updates installed on his computer. He has recently been having shut down issues.  

He will receive a message box referencing "lsass.exe: 0x012e0178 referenced at 0x00000000 can't be written".  He clicks on the OK button then will receive:

"System Shutdown: This system is shutting down.  Please save all work in progress and log off.  Any unsaved changes will be lost.  This shutdown was initiated by NT AUTHORITY\SYSTEM", and gives a 60 second timer before it shuts down.  The message in the System Shutdown box lists status code 1073741819.

When the computer restarts, and the user logs in, he will receive a Data Execution Prevention message citing LSA Shell (Export Version).

Thinking it was a virus issue, I did a full scan with Sophos and Microsoft Malicious Software Removal Tool; no virus was detected.  In addition, I used Symantec's removal tool for Sasser and Blaster, and neither found anything.

Any thoughts on what I can do or what the issue might be?

Thanks!
FriarTuk

search for lsass on your pc to find if more than one exists (should be c:\windows\system32)
try slaving the drive to another computer or put it in a usb enclosure, then do a full drive scan on all files.
http://www.microsoft.com/security/incident/sasser.mspx
CBHelpDesk

ASKER

Thanks for the suggestion.  There is only lsass on the computer.  I slaved the drive and did a couple different scans on the drive with no result.
Problem: LSA Shell (Export Version) has encountered a problem and needs to close.
Then: C:\Windows\System32\ Isass.exe terminated unexpectedly with status code 1073741819.

http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&DisplayLang=en

http://www.symantec.com/security_response/writeup.jsp?docid=2004-050114-1706-99
http://vil.nai.com/vil/stinger/

Manual Removal Instructions
To remove this virus "by hand", follow these steps:

Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, choose Safe Mode).
Delete the file AVSERVE.EXE from your WINDOWS directory (typically c:\windows or c:\winnt)
Edit the registry
Delete the "avserve" value from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Reboot the system into Default Mode

Unfortunately, I have already run Microsoft's Malicious Software Removal Tool, Stinger, Symantec's Removal Tool with no result.  Also, avserve.exe cannot be found anywhere on the computer nor the registry.  I am at the point where I am going to rebuild the computer unless you have any other thoughts.  Thanks for your suggestions and help.

yeah, that sounds like what you'll have to do, as i can't find anything else that points to a decisive answer.
could you refund but paq this as it was hard trying to find anything on this direct error & it may help others in the future, thx.
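
Added example, not part of the thread or any poster's code: decoding the status code from the dialogs as a 32-bit NTSTATUS value. It assumes the number is a signed 32-bit decimal displayed without its minus sign (the `sign_lost` flag); under that assumption 1073741819 is 0xC0000005, STATUS_ACCESS_VIOLATION, which matches the "can't be written" and Data Execution Prevention messages. The function names and sample lines are constructed for illustration.

```python
import re

# Small subset of well-known NTSTATUS values (ntstatus.h); not exhaustive.
KNOWN = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
SEVERITY = ["SUCCESS", "INFORMATIONAL", "WARNING", "ERROR"]


def decode_ntstatus(value, sign_lost=False):
    """Decode a status code that was printed as a decimal integer.

    sign_lost=True treats the number as a signed 32-bit value whose
    leading minus sign was dropped (an assumption about the display).
    """
    if sign_lost:
        value = -abs(value)
    raw = value & 0xFFFFFFFF  # two's-complement view as 32 bits
    return {
        "hex": f"0x{raw:08X}",
        "severity": SEVERITY[raw >> 30],      # bits 31-30
        "customer": bool(raw & 0x20000000),   # bit 29, set for non-Microsoft codes
        "facility": (raw >> 16) & 0x0FFF,     # bits 27-16
        "code": raw & 0xFFFF,                 # bits 15-0
        "name": KNOWN.get(raw, "unknown"),
    }


def codes_in(text):
    """Pull decimal status codes out of message text, keeping any sign."""
    return [int(m) for m in re.findall(r"status code\s+(-?\d+)", text, re.I)]


# Constructed sample lines modelled on the messages quoted in the thread.
SAMPLE = (
    "lsass.exe terminated unexpectedly with status code 1073741819.\n"
    "lsass.exe terminated unexpectedly with status code -1073741819.\n"
)

if __name__ == "__main__":
    for code in codes_in(SAMPLE):
        print(code, decode_ntstatus(code, sign_lost=code > 0))
```

Read as an unsigned positive number the same digits decode to 0x3FFFFFFB, which is not a meaningful NTSTATUS, so the signed reading is the one worth checking first.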
ASKER CERTIFIED SOLUTION
Computer101