Re: W2k3 - lsass shutdown problem

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 12/20/04

Next message: wgong: "mfcid32.exe spawns with 100% cpu occupancy"

Previous message: David H. Lipman: "Re: Lsass.exe"
In reply to: Ronny: "W2k3 - lsass shutdown problem"
Next in thread: Ronny: "Re: W2k3 - lsass shutdown problem"
Reply: Ronny: "Re: W2k3 - lsass shutdown problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 19 Dec 2004 22:48:19 -0500

Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/

1) If you are using WinME or WinXP, disable System Restore
        http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode
3) Using McAfee Stinger, perform a Full Scan of your platform and clean/delete any
         infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
        System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
6) Reboot your PC.
7) If you are using WinME or WinXP, create a new Restore point
8) Please report back your results

Dave

"Ronny" <ronny.skroblin@web.de> wrote in message
news:%23r0r8Ai3EHA.1192@tk2msftngp13.phx.gbl...
| Hi @ll,
|
| got a little problem - hope anyone can help.
|
| Suddenly my Windows 2003 server (acting as domain controller) always shuts
| down and restarts with the well-known message 'system is shutting down...
| initiated by NT AUTHORITY\SYSTEM... system process
| c:\windows\system32\lsass.exe...status code -1073741819...' After restarting
| it lasts very long until the login message comes up - and if I press
| CTRL-ALT-DEL nothing happens, I get no login prompt, only the shutdown
| message appears again. Did anyone of you already get a similar problem?
|
| 'cause I can't login I also cannot stop the shutdown process with
| 'shutdown -a' and analyze what happened. I started the server in safe mode
| and checked all the well-known folders and registry keys for Sasser, Blaster
| & Co., checked the system with the current Stinger tool from NAI - but
| nothing was found.
| And yes, the system was up-to-date with all the security patches offered by
| Microsoft and had the current virus scan signatures.
|
| Appreciate your help...
|
| Thanks and regards,
| Ronny
|
|

Next message: wgong: "mfcid32.exe spawns with 100% cpu occupancy"

Previous message: David H. Lipman: "Re: Lsass.exe"
In reply to: Ronny: "W2k3 - lsass shutdown problem"
Next in thread: Ronny: "Re: W2k3 - lsass shutdown problem"
Reply: Ronny: "Re: W2k3 - lsass shutdown problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: How can I clear virus
... If you are using WinME or WinXP, disable System Restore ... Using McAfee Stinger, perform a Full Scan of your platform and clean/delete any ...
(microsoft.public.security.virus)
Re: W32.Beagle.M@mm
... Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/ ... If you are using WinME or WinXP, disable System Restore ...
(microsoft.public.security.virus)
Re: Welch worm I cant get rid of
... Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/ ... If you are using WinME or WinXP, disable System Restore ...
(microsoft.public.windowsxp.general)
Re: W32.NetSky.P@mm thing
... Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/ ... If you are using WinME or WinXP, disable System Restore ...
(microsoft.public.security.virus)
Re: How to kill viruses w32.Sasser.C.Worm & w32.Erkez.B@mm
... > Obtain McAfee's virus and worm removal tool, Stinger: ... > 1) If you are using WinME or WinXP, disable System Restore ...
(microsoft.public.security.virus)