Results 1 to 7 of 7

Thread: Shutdown.exe

  1. #1
    Senior Member
    Join Date
    Mar 2004



    today in my university, all of a sudden we started getting these shutdown messages, "the system is going to shutdown save all the data, ......" (

    Is there a way to stop it, Also can some one tell me that how is that only some computers are getting the message and not all.

    Is the person who is doing all this has got into our network as an administartor.

    Is it a blaster virus ?

    Althogh I cannot do much about it, but still can some tell me any solution.

    The machines that are affected are winows machines only.


  2. #2
    I fixed it... looked a lot like blaster. The message says there is a problem in lsass.exe, but its not the case. Its a worm that exploits it.

    Update windows and AV, and check out the instructions in the link.

  3. #3
    Join Date
    Apr 2003
    to prevent from shutdown you can go into MS-DOS and type in shutdown -a to abort the shutdown, then you can fix it....

  4. #4
    Senior Member
    Join Date
    Sep 2003
    HaHaHa!!! What the hell is that post you linked to mrg81? My favourite line is:

    ji bbr ul kwrfif xb sdpdyk ovpbl ext rf?
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    Blaster sounds a likely culprit, but your AV should spot it, and your Windows should have been patched.

    It might be a Sasser variant? I would be inclined to isolate an infected box, hook it up to the internet (use the -a trick to stop it shutting down, as suggested above) and run Trend Micro's "Housecall".............I think it is updated every hour/few minutes, so that would be your best bet of finding out which one you have got?


  6. #6
    Senior Member
    Join Date
    Mar 2004
    I am extremely sorry, for the the wrong link, The correct link


  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Yeah, lsass.exe, to my knowledge, is a legacy program that provides backwards-compatibility for things or whatnot and Blaster exploits a problem in the RPC side of it.

    Although those like Pooh Sun Tzu could better answer that about lsass.exe..
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts