Re: Suspected Virus/Worm Causing PC to Power Off

From: yapeng (yapeng_at_discussions.microsoft.com)
Date: 03/12/05


Date: Sat, 12 Mar 2005 14:35:01 -0800


"yapeng" wrote:

> Hi David,
>
> Thank you for your detailed instruction.
>
> I've done all of your suggestions.
>
> I've run the sysclean in safe mode,
> run stinger, and both found no virus.
> I've also tried to run the KB835732 and it says my system is patched newer
> than the KB835732 and refuses to run it.
>
> The situation is :
> 1. I set up my computer to download Windows updates automatically, and
> whenever a new update comes, I install it. So I am sure my computer is always
> patched.
> 2. I have McAfee enterprise 8.0 and always keep it up-to-date.
> 3. I have also scanned the hard disk using the newest Norton Anti-virus and found
> nothing.
Sorry, to make it clear: this was done by removing the hard disk and plugging it into
another computer using a USB caddy box. The anti-virus programs stop
responding if I run them on the doomed computer.
>
> I think my situation is the same as jimr's. I cannot have a full startup before
> the system shutdown message comes up. Even if I have a chance to run "shutdown -a"
> to stop it, the system seems to have halted most functions (e.g. no network, and trying to
> run most programs ends up with them not responding).
>
> Is there any chance there is no virus or worm and the system has a bad
> registration or config file? In the end, I have had a chance to run checkdisk
> and found no errors.
>
> regards,
> Yapeng
>
> "David H. Lipman" wrote:
>
> > From: "yapeng" <yapeng@discussions.microsoft.com>
> >
> > | I get the same weird message every time I try to boot my PC (Win XP
> > | Pro). The messages indicate the shutdowns were caused by various reasons:
> > | they change from "system.exe -1073741819", DCom to lasse.exe, and Windows will
> > | shut down in 60 seconds.
> > |
> > | More weird: when the shutdown message box appears, all other windows and
> > | applications disappear (only the shutdown box is on screen, with no means to
> > | interact with it). All this happens even before the system finishes starting
> > | up. Because there is only the shutdown message on screen, I cannot use
> > | start-->run-->shutdown -a to stop it.
> > |
> > | I tried a few times (only sometimes, because the message box may appear just
> > | after I type the username and password to log in to Windows) to open a command prompt
> > | and wait for the shutdown message to appear. With the DOS window I can type
> > | "shutdown -a" to stop the shutdown message, but the system hangs there.
> > |
> > | I have even removed the PC's hard disk and used a USB caddy to plug it into another
> > | good computer, and scanned it with the newest Norton Anti-virus, but found
> > | nothing.
> > |
> > | The PC can boot in safemode and now using sysclean scanning...
> >
> >
> > Realize that if you get the shutdown message (attached -- sorry you MS CDO users can't see
> > it!) that means you have not patched the vulnerability in LSASS. Having the vulnerability
> > and getting the shutdown message does NOT have to mean an infection. It does mean you need
> > to scan the computer to see if you are infected and if so clean it, but you *must* patch the
> > computer ASAP.
> >
> > Download the patch (below). Put the patch, Stinger and Sysclean (below) on media (CDROM, ZIP
> > Disk, USB Flash drive, etc), disconnect the affected PC from the Internet and install the
> > patch. Then reboot the PC and scan the PC with Stinger and Trend Sysclean!
> >
> > Go to; Start --> Run
> > enter; shutdown -a
> >
> > This will halt the shutdown and give you a chance to Download the McAfee worm removal tool,
> > Stinger: http://vil.nai.com/vil/stinger/
> >
> > Please read the following URL:
> > http://www.microsoft.com/security/incident/sasser_printxp.mspx
> >
> > Please install the patch that fixes the Lsass vulnerability that the Sasser exploits --
> > KB835732
> > http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en
> >
> > You also need a FireWall.
> > If you don't patch the PC and don't use a FireWall then you will just be re-infected.
> >
> > I also suggest the installation of ALL MS Critical Updates ASAP.
> >
> > 1) Download the following three items...
> >
> > McAfee Stinger
> > http://vil.nai.com/vil/stinger/
> >
> > Trend Sysclean Package
> > http://www.trendmicro.com/download/dcs.asp
> >
> > Latest Trend signature files.
> > http://www.trendmicro.com/download/pattern.asp
> >
> > Create a directory.
> > On drive "C:\"
> > (e.g., "c:\New Folder")
> > or the desktop
> > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
> >
> > Download SYSCLEAN.COM and place it in that directory.
> > Download the Trend Pattern File by obtaining the ZIP file.
> > For example; lpt484.zip
> >
> > Extract the contents of the ZIP file and place the contents in the same directory as
> > SYSCLEAN.COM.
> >
> > 2) Disable System Restore
> > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> > 3) Reboot your PC into Safe Mode and shut down as many applications as possible
> > 4) Using both the Trend Sysclean utility and Stinger, perform a Full Scan of your
> > platform and clean/delete any infectors found
> > 5) Restart your PC and perform a "final" Full Scan of your platform using both.
> > 6) Re-enable System Restore and re-apply any System Restore preferences,
> > (e.g. HD space to use suggested 400 ~ 600MB),
> > 7) Reboot your PC.
> > 8) Create a new Restore point
> >
> > * * Please report back your results * *
> >
> > --
> > Dave
> > http://www.claymania.com/removal-trojan-adware


