# Nt Authority/system. Auto Shutdown



## throwingapie

hi all,

i am using Windows2000 and i connect to the internet through a ADSL modem. all was working fine till last nite when a pop window saying

The system is shutting dow. Please save all your work before you log off. All unsaed data will be lost. This shutdown is initiated by NT AUTHORITY/SYSTEM. Shutdown is as a result of remote procedure call due to unexpected termniation.

or sth to that effect.

what the hell is happening here 

tried looking for information on google but couldnt find any.

if the pc is not connected to the internet all works fine.

any help would be greatly apprectiated !

thanks mates


----------



## dusteve

I thought it was just me. I had the same problem and I got into work this morning and another guy it as well.

Anyone any ideas??


Thanks

dusteve


----------



## nhalfyard

*Found a solution*

go to this web page http://www.jsiinc.com/SUBK/tip5000/rh5044.htm

I have not tried it yet but it could be the solution and sounds about right.


----------



## arlonharrison77

*This is a VIRUS*

Most likely. I have heard about it. There is a patch available... but I don't recall where. Good luck! I'd give you some advice on wasy to disable it, but you have to fast at REGEDIT and know what is supposed to boot on your PC. there is a patch available for this virus however... if you can download it 59 seconds. Again, good luck!


----------



## nhalfyard

I'm just wainting to speak to microsoft, I hoped it was not a virus, but could it be the WIN32 worm virus?


----------



## arlonharrison77

You may want to check out http://nwn.bioware.com/forums/viewtopic.html?topic=251421&forum=42 
This is just another discussion board, but there is a lot of useful info and links to some sites that may help you solve your problem


----------



## arlonharrison77

a patch is available at <URL>http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp</URL> Pick your OS... and download. (cross your fingers, you've only got 59 seconds to get this. If you've got 2000 (please say you do) it is only 900 k, and will take about five minutes. ****! that won't work. There is a way to disable the virus (or at least the shutdown) but I don't recall what it is... or how to do it. 

I could probably handle it in the registry, but as I don't have an NT computer, or the virus to play with... I don't know where it stores the launch data. 

However, programs are told to launch from the following locations
If you are desperate, just delete everything from those keys. (it shouldn't kill your PC... but you may be out a driver or two and some programs you have set to startup won't start anymore... that is the least of your worries, though.)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices


----------



## arlonharrison77

The virus name is msblast.exe. If you see this on your computer, your infected. It is also known as the Lovsan worm.

This data came from http://www.f-secure.com/v-descs/msblast.shtml

How to get rid of Lovsan worm in 5 minutes: 

1. Boot up the infected computer 

2. If you keep getting the "Shutdown in 60 seconds" dialog, click Start / Run, and execute command 'shutdown -a' 

3. Download and run the Microsoft patch to close the RPC hole. 

Download for Windows 2000 from www.microsoft.com: 
http://www.f-secure.com/dl-w2k/ 

Download for Windows XP from www.microsoft.com: 
http://www.f-secure.com/dl-wxp/ 

4. Download and run F-Secure's F-LOVSAN tool to remove the virus: 
ftp://ftp.f-secure.com/anti-virus/tools/f-lovsan.zip 

5. You're done.


----------



## nhalfyard

Great! My father in law also has it on two of his computers, I'm not at home now so I cant try it but I will get my father in law on the case!


----------



## throwingapie

thanks mates

managed to get the patch from the microsoft website.

installed zonealarm too !! 

tap


----------



## Clem$Idia

i just did control . alt . delete, went into processes and ended msblast.exe process.

im running windows xp
For now i have to do that everytime i start my computer.
It will give you enough time to download any patch you may need.

Hope it Helps,
Guertrude


----------



## clara2172

THANK YOU SO MUCH FOR THE HELP, IT SAVED ME FROM GOING 2 A PROFESSIONAL!!!!!


----------



## mschatz

What? I thought ALL the people here were 'PROFESSIONALS'!


----------



## DoZZa

to stop the virus shutting you down, open the command prompt and type shutdown -a

this will stop it from shutting down allowing you to com,pleate the patch download


----------

