• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 712
  • Last Modified:

System Shutdwon in Windows XP

Hello everyone,
            I need to find out why the computer is shutting down.


This system is shutting down.Please save all work in progress adn log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY/SYSTEM

Message: C\windows\system32\lsass.exe with code 1073741819

I am attaching a picture.

Thank you
7 Solutions
Take a look at this: http://support.microsoft.com/kb/938482

Otherwise, I would recommend scanning for malware with the following two scanners:
Malwarebytes: www.malwarebytes.org
SUPERAntiSpywarae: www.superantispyware.com
Abort the shutdown by going to Start ->Run, type    shutdown -a    and click OK.

Then you can start task manager and check for any odd processes running. Make sure that the Show processes from all users checkbox is ticked.
You are infected with a Sasser like worm from 2003, which kills lsass.
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

☠ MASQ ☠Commented:
Go with the advice to run MBAM
Looks like your file at HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff has been replaced with a rogue version so expect to find a trojan or three.

If you open a command window and run "shutdown -a" that will stop the shutdown and allow you to get on with the fix.  Not Sasser type attack though as that was patched by SP2 the NTAuthority window is different.
Prior to running MBAM, run RogueKiller.
Don't forget to patch the system.
That exploit is many years old

Run the updater and install!

Sasser is worm,and without a good firewall and up to date patches,it will just reinfect the system.

MS security essentials is a free virus scan tool that is easily a top 5 product (paid or not).

Download it and install it.

All lsass shutdowns are not Sasser related. Behavior is not that of old Sasser worm.
Sudeep SharmaTechnical DesignerCommented:

As suggested above by EE experts please run RogueKiller, followed by MalwareBytes and post the logs from both here for further investigation of the issue.

Incase you are again prompted by the same message run shutdown -a (also suggested above). This would let the RogueKiller and MBAM to run completely.

iscivanomarAuthor Commented:
sorry for getting back to you until now. I was move from this project to other. I gave the information to my coworkers in charge of this project now. They found out that was a virus as you said.

Thank you
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now