Home > General > Nt\autority\system?LSASS.exe

Nt\autority\system?LSASS.exe

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. Reply Kindergeburtstag Mannheim said May 9, 2013 at 4:23 am Hey this is kinda of off topic but I was wanting to know if blogs use WYSIWYG editors or if you S1L3NCER Student Posts: 97 3+ Months Ago I had the same problem and my roomate too and it was the sassew virus ... By continuing to browse, we are assuming that you have no objection in accepting cookies.

But it said I was not infected. Ask a question and give support. For information on installing updates, see Help and Support. Infected copy of c:\windows\pchealth\helpctr\binaries\helpsvc.exe was found and disinfected Restored copy from - c:\windows\$hf_mig$\KB2229593\SP2QFE\helpsvc.exe .

c:\documents and settings\Michael\Local Settings\Temp\IswTmp\WH\0 . . ((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 ))))))))))))))))))))))))))))))) . . 2011-05-12 00:39 . 2011-05-12 00:39 -------- d-----w- C:\tazti_2.0_xp_32-bit . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) The first step is to download the Sysinternals tool PsExec from the below URL: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx Extract PsTools.zip to a folder on your hard disk. Motherboard: | | P4X400-8235 Processor: Intel(R) Celeron(R) CPU 2.70GHz | Socket 478 | 2888/107mhz . ==== Disk Partitions ========================= . Close any open browsers.

Signatures Attempted: Backup Error Code: 0x8050a005 Error description: The program can't find definition files that help detect unwanted software. CAUSE This behavior is caused by an invalid replInterval value in the Configuration container in the properties of a site link. Instead, it now reads: "This system is shutting down. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

I full scanned my computer. If, for some reason, Combofix refuses to run, try one of the following: 1. Check for updates to the definition files, and then try again. https://answers.microsoft.com/en-us/windows/forum/windows_xp-performance/nt-authoritysystem-shutdown/c8de6657-c752-4260-bb71-92e75ddbed06 uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238 FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\oxt0fo8d.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . ************************************************************************** .

Pre-Run: 19,702,448,128 bytes free Post-Run: 19,659,681,792 bytes free . - - End Of File - - A853E9B5D84AE75584260F0395F83518 May 20, 2011 #7 Broni Malware Annihilator Posts: 53,186 +349 Try to Click Go and paste the content into your next post. For information on installing updates, see Help and Support. The list is not all inclusive.

Even if your computer appears to act better, it may still be infected. Are you looking for the solution to your computer problem? Attached logs won't be reviewed. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

ERROR

Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-20 42184] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-5-9 27064] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-5-18 532224] . =============== File Associations =============== . The error message was "Access denied." I was an administrator on the server so how could I become more powerful than an administrator? Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE Microsoft Works Calendar Reminders.lnk = ? I'm at my wits end on what to do and I was hoping someone here might be able to provide a fix for me.

A million thanks! For information on installing updates, see Help and Support. The time now is 01:23 PM. 2003-2016 Check Point Software Technologies Ltd. Symantec mentions this as a W32.Sasser worm http://tinyurl.com/mmxcd which I hope is not on my pc.

Completion time: 2011-05-20 22:24:38 ComboFix-quarantined-files.txt 2011-05-21 03:24 . It is trustful. If Combofix asks you to install Recovery Console, please allow it.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Video Controller Device ID: PCI\VEN_1002&DEV_71E2&SUBSYS_030A1002&REV_00\4&283A33D&0&0108 Manufacturer: Name: Video Controller PNP Device ID: PCI\VEN_1002&DEV_71E2&SUBSYS_030A1002&REV_00\4&283A33D&0&0108 Service: . ==== System Restore Points =================== .

We use cookies to ensure that we give you the best experience on our website. I heard that "Sasser" virus can re-code all the system processors and change security sittings. However during the process I received a message ;The system is shutting down. MSE won't even turn on and MBAN locks up a few seconds in the scan...

Step 1. lsass.exe/NT AUTHORITY\SYSTEM problem. Save all work etc. The system will now shut down and restart.

I clicked on it and it vanished only to reappear a few minutes later. Page 1 of 1To Reply to this topic you need to LOGIN or REGISTER. I purchased software PC Mover in the hope that the transfer would be simple. This is not a known spyware, adware, or trojan executable.

Login (HKLM) O9 - Extra button: SideStep (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Please save all work and log off. Spooler SubSystem ask permission to access the internet. How Does Sasser Infect My Computer?

Reply Jim Link said April 15, 2013 at 3:34 pm The /accepteula switch fixed my issues. StartupList report, 10/30/2008, 10:27:54 PM StartupList version: 1.52.2 Started from : C:\Program Files\Hijackthis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running I close my topics if you have not replied in 5 days. IF REQUESTED, ZIP IT UP & ATTACH IT .

jackjigar Born Posts: 1 3+ Months Ago Joe-05 wrote:Wazzzzzzzzzzzzup every1. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. This is normal and indicates the tool ran successfully. the system process 'C:\windows/system32\lsass.exe' terminated unexpectedly with status code -1073741819 the system will now shutdown and restart" And then the crashed system app gives me 60 secs to save my work