Solved

Windows restarts because "DCOM Server Process Launcher service terminated unexpectedly"

Posted on 2007-03-28
7
47,943 Views
Last Modified: 2013-11-22
Dell Precision 340 running XP Pro and Norton Anti-Virus Corporate Edition.  Installed PCTools SpyDoctor (full version) two days ago.  Got rid of my spyware problems (I think) but now whenever I turn on the machine about a minute or so after windows loads i get a timed shutdown message that says:

"Windows must now restart because DCOM Server Process Launcher service terminated unexpectedly. " The shutdown is initiated by NT AUTHORITY\SYSTEM

This occurs in safe mode as well.  If I can manage to log in to windows quick enough, I can stop the shutdown by issuing "shutdown /a" from the command line.  Once that is done I don't seem to have any problems. . .

Thanks in advance for your help. . .
0
Comment
Question by:a2hIT
7 Comments
 
LVL 39

Expert Comment

by:PUNKY
ID: 18813641
Run msconfig and stop SpyDoctor see if it stops error.
0
 
LVL 4

Expert Comment

by:Soutie
ID: 18814267
that sounds like a sasser/blaster variant.
when you scanned your machine for malware did you find anything? if so and it was removed did you disable system restore?  Not disabling system restore first could lead to reinfection.
What version of corporate are you running.  Versions before 9 (I think it was) wern't very good at removing malware.  Upgrade to 10.1 if possible.
0
 

Author Comment

by:a2hIT
ID: 18815640
PUNKY: "Run msconfig and stop SpyDoctor see if it stops error"
Unchecked everything in msconfig that listed Spyware Doctor.  No result.  Uninstalled SpyDoctor Completely -- still no change.

Southie: "when you scanned your machine for malware did you find anything? if so and it was removed did you disable system restore?"  -- YES
"What version of corporate are you running."  -- Older than 9  :-(  Upgrade is not really "in the budget"

Thank you both for your responses.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 4

Accepted Solution

by:
Soutie earned 500 total points
ID: 18815741
@ a2hIT
you definitly have some form of malware.  Maybe try running stinger and see if it picks anything up.

vil.nai.com/vil/stinger/

you are going to need to clear the offending virus off the machine and uptate to the latest microsoft patches. If i recall correctly there was a patch a while ago to stop the DCOM exploitation, but i could be down to correction.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 18819995
Steve Gibson has produced a tool to disable DCOM:

http://www.grc.com/freeware/dcom.htm

This may help...

0
 

Author Comment

by:a2hIT
ID: 18820027
Thanks all.  Stopping Monitoring of this issue.  Thanks again.
0
 

Expert Comment

by:emoor
ID: 26503646
I get the error message that states that the system shutdown is being initiated by NT Authority/System and that Windows must now restart because the DCOM service process launch service terminated (which means I either have to use shutdown -a or reboot) BUT a McAfee scan picks up no virus, the stinger application picked up no virus and when I used Steve Gibson's tool I was told I have no DCOM service becausse I am running XP service pack 2.

Help?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now