Shutdown.exe

[mrg81]

Hi,

today in my university, all of a sudden we started getting these shutdown messages, "the system is going to shutdown save all the data, ......" (http://www.antionline.com/showthread...threadid=24997)


Is there a way to stop it, Also can some one tell me that how is that only some computers are getting the message and not all.

Is the person who is doing all this has got into our network as an administartor.

Is it a blaster virus ?

Althogh I cannot do much about it, but still can some tell me any solution.

The machines that are affected are winows machines only.

MRG

[Soda_Popinsky]

I fixed it... looked a lot like blaster. The message says there is a problem in lsass.exe, but its not the case. Its a worm that exploits it.
http://securityresponse.symantec.com...er.b.worm.html

Update windows and AV, and check out the instructions in the link.

[MemorY]

to prevent from shutdown you can go into MS-DOS and type in shutdown -a to abort the shutdown, then you can fix it....

[Lansing_Banda]

HaHaHa!!! What the hell is that post you linked to mrg81? My favourite line is:

ji bbr ul kwrfif xb sdpdyk ovpbl ext rf?

[nihil]

Blaster sounds a likely culprit, but your AV should spot it, and your Windows should have been patched.

It might be a Sasser variant? I would be inclined to isolate an infected box, hook it up to the internet (use the -a trick to stop it shutting down, as suggested above) and run Trend Micro's "Housecall".............I think it is updated every hour/few minutes, so that would be your best bet of finding out which one you have got?

Cheers

[mrg81]

I am extremely sorry, for the the wrong link, The correct link

http://www.antionline.com/showthread...hreadid=249971

MRG

[Vorlin]

Yeah, lsass.exe, to my knowledge, is a legacy program that provides backwards-compatibility for things or whatnot and Blaster exploits a problem in the RPC side of it.

Although those like Pooh Sun Tzu could better answer that about lsass.exe..