• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 708
  • Last Modified:

System Shutdwon in Windows XP

Hello everyone,
            I need to find out why the computer is shutting down.

Error:

This system is shutting down.Please save all work in progress adn log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY/SYSTEM

Message: C\windows\system32\lsass.exe with code 1073741819

I am attaching a picture.

Thank you
SystemShutdown.bmp
0
iscivanomar
Asked:
iscivanomar
7 Solutions
 
Seaton007Commented:
Take a look at this: http://support.microsoft.com/kb/938482

Otherwise, I would recommend scanning for malware with the following two scanners:
Malwarebytes: www.malwarebytes.org
SUPERAntiSpywarae: www.superantispyware.com
0
 
PerarduaadastraCommented:
Abort the shutdown by going to Start ->Run, type    shutdown -a    and click OK.

Then you can start task manager and check for any odd processes running. Make sure that the Show processes from all users checkbox is ticked.
0
 
jfer0x01Commented:
You are infected with a Sasser like worm from 2003, which kills lsass.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
☠ MASQ ☠Commented:
Go with the advice to run MBAM
Looks like your file at HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff has been replaced with a rogue version so expect to find a trojan or three.

If you open a command window and run "shutdown -a" that will stop the shutdown and allow you to get on with the fix.  Not Sasser type attack though as that was patched by SP2 the NTAuthority window is different.
0
 
willcompCommented:
Prior to running MBAM, run RogueKiller.
http://majorgeeks.com/RogueKiller_d6983.html
0
 
pgm554Commented:
Don't forget to patch the system.
That exploit is many years old

Run the updater and install!

Sasser is worm,and without a good firewall and up to date patches,it will just reinfect the system.


MS security essentials is a free virus scan tool that is easily a top 5 product (paid or not).

Download it and install it.

http://windows.microsoft.com/en-US/windows/products/security-essentials
0
 
willcompCommented:
All lsass shutdowns are not Sasser related. Behavior is not that of old Sasser worm.
0
 
Sudeep SharmaTechnical DesignerCommented:
@iscivanomar,

As suggested above by EE experts please run RogueKiller, followed by MalwareBytes and post the logs from both here for further investigation of the issue.

Incase you are again prompted by the same message run shutdown -a (also suggested above). This would let the RogueKiller and MBAM to run completely.

Sudeep
0
 
iscivanomarAuthor Commented:
sorry for getting back to you until now. I was move from this project to other. I gave the information to my coworkers in charge of this project now. They found out that was a virus as you said.

Thank you
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now