Shutdown.exe
Results 1 to 7 of 7

Thread: Shutdown.exe

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    113

    Shutdown.exe

    Hi,

    today in my university, all of a sudden we started getting these shutdown messages, "the system is going to shutdown save all the data, ......" (http://www.antionline.com/showthread...threadid=24997)


    Is there a way to stop it, Also can some one tell me that how is that only some computers are getting the message and not all.

    Is the person who is doing all this has got into our network as an administartor.

    Is it a blaster virus ?

    Althogh I cannot do much about it, but still can some tell me any solution.

    The machines that are affected are winows machines only.

    MRG

  2. #2
    I fixed it... looked a lot like blaster. The message says there is a problem in lsass.exe, but its not the case. Its a worm that exploits it.
    http://securityresponse.symantec.com...er.b.worm.html

    Update windows and AV, and check out the instructions in the link.

  3. #3
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    to prevent from shutdown you can go into MS-DOS and type in shutdown -a to abort the shutdown, then you can fix it....

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    HaHaHa!!! What the hell is that post you linked to mrg81? My favourite line is:

    ji bbr ul kwrfif xb sdpdyk ovpbl ext rf?
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Blaster sounds a likely culprit, but your AV should spot it, and your Windows should have been patched.

    It might be a Sasser variant? I would be inclined to isolate an infected box, hook it up to the internet (use the -a trick to stop it shutting down, as suggested above) and run Trend Micro's "Housecall".............I think it is updated every hour/few minutes, so that would be your best bet of finding out which one you have got?

    Cheers

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    113
    I am extremely sorry, for the the wrong link, The correct link

    http://www.antionline.com/showthread...hreadid=249971

    MRG

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Yeah, lsass.exe, to my knowledge, is a legacy program that provides backwards-compatibility for things or whatnot and Blaster exploits a problem in the RPC side of it.

    Although those like Pooh Sun Tzu could better answer that about lsass.exe..
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •