Solved

Windows XP Shutdown -- Status Code 1073741819

Posted on 2006-11-30
9
3,598 Views
Last Modified: 2012-05-05
I have a user who has an XP machine w/ SP2 and has the most current updates installed on his computer. He has recently been having shut down issues.  

He will receive a message box referencing "lsass.exe: 0x012e0178 referenced at 0x00000000 can't be written".  He clicks on the OK button then will receive :

"System Shutdown: This system is shutting down.  Please save all work in progress and log off.  Any unsaved changes will be lost.  This shutdown was initiated by NT AUTHORITY\SYSTEM, and gives a 60 second timer before it shuts down.  The message in the System Shutdown box lists status code 1073741819.  

When the computer restarts, and the user logs in, he will receive a Data Execution Prevention message citing LSA Shell (Export Version).

Thinking it was a virus issue, I did a full scan with Sophos, Microsoft Malicious Software Removal Tool, no virus was detected.  In addition used Symantec's removal tool for Sasser and Blaster, and neither found anything.

Any thoughts on what I can do or what the issue might be.

Thanks!
0
Comment
Question by:CBHelpDesk
  • 4
  • 2
9 Comments
 
LVL 14

Expert Comment

by:FriarTuk
ID: 18058876
search for lsass on you pc to find if more than one exists (should be c:\windows\system32)
try slaving the drive to another computer or put it in a usb enclosure, then do a full drive scan on all files.
http://www.microsoft.com/security/incident/sasser.mspx
0
 

Author Comment

by:CBHelpDesk
ID: 18114727
Thanks for the suggestion.  There is only lsass on the computer.  I slaved the drive and did a couple different scans on the drive with no result.
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 18120644
Problem: LSA Shell (Export Version) has encountered a problem and needs to close.
Then: C:\Windows\System32\ Isass.exe terminated unexpectedly with status code 1073741819.

http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&DisplayLang=en

http://www.symantec.com/security_response/writeup.jsp?docid=2004-050114-1706-99
http://vil.nai.com/vil/stinger/

Manual Removal Instructions
To remove this virus "by hand", follow these steps:

Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, choose Safe Mode.
Delete the file AVSERVE.EXE  from your WINDOWS directory (typically c:\windows or c:\winnt)
Edit the registry
Delete the "avserve" value from
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run Reboot the system into Default Mode
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:CBHelpDesk
ID: 18123475
Unfortunately, I have already run Microsoft's Malicious Software Removal Tool, Stinger, Symantec's Removal Tool with no result.  Also, avserve.exe cannot be found anywhere on the computer nor the registry.  I am at the point where I am going to rebuild the computer unless you have any other thoughts.  Thanks for your suggestions and help.
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 18145815
yeah, that sounds like what you'll have to do, as i can't find anything else that points to a decisive answer.
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 18394426
could you refund but paq this as it was hard trying to find anything on this direct error & it may help others in the future, thx.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18414248
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
password expiry Windows 6 134
outlook PST max size limit 3 109
How Do I Set Up XP Mode in Windows 7? 8 73
MS-Access 2002 error (Win XP on Win7Pro) 19 35
Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now