NT authority system

[patim]

I severely searched the fora but couldn't find a proper solution. Once in a while I get the NT autority system shutdown thingy. I can startup than when rebooting to the last proper startup point, but whenever I start up again it comes back. I try to download the malicious and malware remover from MS but It wouldnt work. I found an older version and than my comp flatlined.

Has anybody a proper solutionfor me

I also have a very slow starting win XP. Once working it is fine but the startup. I hav a HP Pavillion zd 8218 wit intel 3,54 I believe and 512 kb memory. I use win XP home.

Last, every now and then ( especially when using Firefox) I get the bsod 0xd1. Not always but very frequent.

If you need more info, please let me know. I'm new here

 

[howard_hopkinso]

Hello and welcome to Techspot.

Download and run the Stinger tool from McAfee.

Once you`ve done that.

Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as an attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of patim only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[patim]

Hi Howard,

Took me quit some time to do the task to the letter, but I managed to do so.

Found a lot of bad **** and got rid of it all. nevertheless, first thing when rebooting into normal windows was that damn authority thing.

I attached a hijack log and a AVG log. Hope you can find something to help me.

Greetings,


Patim

edit: it says it is a services.exe problem, not a RPC problem ????

 

[howard_hopkinso]

It appears, you`re not running any firewall software. Maybe you should install some. Either the free Zonealarm or Kerio firewall programmes are very good.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O8 - Extra context menu item: Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab

Click on the fix checked button.

Close HJT.

Delete all files in AVG-Antispyware qurantine.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know if you`re still having problems.

Regards Howard

This thread is for the use of patim only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[patim]

Hi,

Did what you asked and than on startup I got the authority screen (still on services.exe) on reboot to last good configuration I got a bsod. lzx32.sys 0x7e

Couldn't even start in safe mode anymore. After a few startups I got back in windows.

Attached is the new hijack-file.

What is wrong here I am loaded with filth like it seems.

 

[howard_hopkinso]

Your HJT log is clean.

Do the following.

Right, when your system begins to reboot with the NT AUTORITY message, go to Start>Run and type shutdown -a and press the enter key. This will abort the system shutdown.

Then go HERE and run a full scan.

Let me know the results please.

Regards Howard

This thread is for the use of patim only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[patim]

Soory for keeping you waiting for so long. After the last episode I couldn't do **** with my pc. It was getting slower and slower and finally I gave up.

I'm now on a fresh new install of xp with lots of speed and no problems whatsoever.

Nevertheless, thanks for your help.

 

[howard_hopkinso]

No problem mate, thanks for letting me know.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of patim only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.