-
May 2nd, 2004, 03:07 AM
#1
Shutdown.exe
Hi,
Today in my university, all of a sudden we started getting these shutdown messages, "the system is going to shutdown save all the data, ......" (http://www.antionline.com/showthread...threadid=24997)
Is there a way to stop it? Also, can someone tell me how it is that only some computers are getting the message and not all?
Has the person who is doing all this got into our network as an administrator?
Is it a Blaster virus?
Although I cannot do much about it, can someone still tell me any solution?
The machines that are affected are Windows machines only.
MRG
-
May 2nd, 2004, 03:21 AM
#2
I fixed it... looked a lot like Blaster. The message says there is a problem in lsass.exe, but it's not the case. It's a worm that exploits it.
http://securityresponse.symantec.com...er.b.worm.html
Update Windows and AV, and check out the instructions in the link.
-
May 2nd, 2004, 03:23 AM
#3
To prevent the shutdown you can go into MS-DOS and type in shutdown -a to abort the shutdown, then you can fix it....
-
May 2nd, 2004, 10:03 AM
#4
HaHaHa!!! What the hell is that post you linked to mrg81? My favourite line is:
ji bbr ul kwrfif xb sdpdyk ovpbl ext rf?
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
-Walt Whitman-
-
May 2nd, 2004, 12:21 PM
#5
Blaster sounds a likely culprit, but your AV should spot it, and your Windows should have been patched.
It might be a Sasser variant? I would be inclined to isolate an infected box, hook it up to the internet (use the -a trick to stop it shutting down, as suggested above) and run Trend Micro's "Housecall".............I think it is updated every hour/few minutes, so that would be your best bet of finding out which one you have got?
Cheers
-
May 2nd, 2004, 07:45 PM
#6
I am extremely sorry for the wrong link. The correct link:
http://www.antionline.com/showthread...hreadid=249971
MRG
-
May 2nd, 2004, 11:00 PM
#7
Yeah, lsass.exe, to my knowledge, is a legacy program that provides backwards-compatibility for things or whatnot and Blaster exploits a problem in the RPC side of it.
Although those like Pooh Sun Tzu could better answer that about lsass.exe..
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.