Jump to content


Photo

System Shutdown Message


  • This topic is locked This topic is locked
6 replies to this topic

#1 wyocodak

wyocodak

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 27 June 2004 - 09:25 PM

OS XP
IE 6

After opening e-mail I get an error message. System shutdown,System 32,ISASS.exec, Status code 1073741819. System counts down 60 sec and restarts. Doesn't do this while on line except in IE. This is my dad's computer, so I need some advise before I travel back there. I'm working 12 hrs a day so there might be a delay in replying to your feedback. Thanks

#2 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,757 posts

Posted 28 June 2004 - 08:34 AM

It sounds like you have a variant of the Blaster worm.

This is an old worm that MS released a patch for _last year_.

Get and run Stinger from here:

http://download.nai....ert/stinger.exe
Signature file is under revision. This will be back shortly.

#3 wyocodak

wyocodak

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 28 June 2004 - 07:53 PM

Thanks I'll try that. I already had ad aware and updated antivirus installed on his computer, but nothing showed up.

#4 wyocodak

wyocodak

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 July 2004 - 12:53 PM

Still having the same problem. Ran Stinger no results. Reran Adaware, updated virus program and cwshredder with no results. Ran hijackthis. Results below.

Logfile of HijackThis v1.97.7
Scan saved at 12:47:13 PM, on 7/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Computer Stuff\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...1/mcinstall.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weat...uginstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7891.3082291667

#5 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,757 posts

Posted 04 July 2004 - 01:40 PM

Well, you need to update Windows immediately.

Please go to Windows Update and download _all_ the Critical Updates listed. After you get them, reboot, then go back there and get the new Critical Updates in the list. Reboot, go back there a third time (if needed), then scan with HJT and post the new log.

http://windowsupdate.microsoft.com
Signature file is under revision. This will be back shortly.

#6 wyocodak

wyocodak

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 July 2004 - 05:11 PM

OK, it will be awhile. They have dial up at 26.4kbps. I saw 27 updates they didn't have installed. Plus I'm going on vacation tomorrow. I'll get back to you as soon as I can. Can't wait for the hours of fun downloading. Thanks

#7 wyocodak

wyocodak

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 11 July 2004 - 03:56 PM

Just went from bad to worse. Spent 3 hrs downloading updates. Not all of them just the ones that need loaded by themselves. Installed, restarted. Won't go past XP load page. Tried to go into safe mode, starts but won't go.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button