Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Windows restarts because "DCOM Server Process Launcher service terminated unexpectedly"

Posted on 2007-03-28
7
Medium Priority
?
48,717 Views
Last Modified: 2013-11-22
Dell Precision 340 running XP Pro and Norton Anti-Virus Corporate Edition.  Installed PCTools SpyDoctor (full version) two days ago.  Got rid of my spyware problems (I think) but now whenever I turn on the machine about a minute or so after windows loads i get a timed shutdown message that says:

"Windows must now restart because DCOM Server Process Launcher service terminated unexpectedly. " The shutdown is initiated by NT AUTHORITY\SYSTEM

This occurs in safe mode as well.  If I can manage to log in to windows quick enough, I can stop the shutdown by issuing "shutdown /a" from the command line.  Once that is done I don't seem to have any problems. . .

Thanks in advance for your help. . .
0
Comment
Question by:a2hIT
7 Comments
 
LVL 39

Expert Comment

by:PUNKY
ID: 18813641
Run msconfig and stop SpyDoctor see if it stops error.
0
 
LVL 4

Expert Comment

by:Soutie
ID: 18814267
that sounds like a sasser/blaster variant.
when you scanned your machine for malware did you find anything? if so and it was removed did you disable system restore?  Not disabling system restore first could lead to reinfection.
What version of corporate are you running.  Versions before 9 (I think it was) wern't very good at removing malware.  Upgrade to 10.1 if possible.
0
 

Author Comment

by:a2hIT
ID: 18815640
PUNKY: "Run msconfig and stop SpyDoctor see if it stops error"
Unchecked everything in msconfig that listed Spyware Doctor.  No result.  Uninstalled SpyDoctor Completely -- still no change.

Southie: "when you scanned your machine for malware did you find anything? if so and it was removed did you disable system restore?"  -- YES
"What version of corporate are you running."  -- Older than 9  :-(  Upgrade is not really "in the budget"

Thank you both for your responses.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 4

Accepted Solution

by:
Soutie earned 1500 total points
ID: 18815741
@ a2hIT
you definitly have some form of malware.  Maybe try running stinger and see if it picks anything up.

vil.nai.com/vil/stinger/

you are going to need to clear the offending virus off the machine and uptate to the latest microsoft patches. If i recall correctly there was a patch a while ago to stop the DCOM exploitation, but i could be down to correction.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 18819995
Steve Gibson has produced a tool to disable DCOM:

http://www.grc.com/freeware/dcom.htm

This may help...

0
 

Author Comment

by:a2hIT
ID: 18820027
Thanks all.  Stopping Monitoring of this issue.  Thanks again.
0
 

Expert Comment

by:emoor
ID: 26503646
I get the error message that states that the system shutdown is being initiated by NT Authority/System and that Windows must now restart because the DCOM service process launch service terminated (which means I either have to use shutdown -a or reboot) BUT a McAfee scan picks up no virus, the stinger application picked up no virus and when I used Steve Gibson's tool I was told I have no DCOM service becausse I am running XP service pack 2.

Help?
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question