Services.exe status code 203 Message-I need help!

Status
Not open for further replies.
services.exe status code 203 Message-One of the hardest viruses I've encountered!

Hi to all!
It all started when I opened an .exe file, which I know I should have scanned first, but I didn't, and now I'm paying the consequences! I downloaded AVG Anti-Spyware 7.5 and ran it in safe mode. It found 178 threats; 8 of them were high risk, and the rest were malicious cookies. I quarantined them all with no problems. I thought I had fixed the problem, but when I restarted, after a few minutes, there it was again: that little box which shut down my computer. As I'm writing this, I haven't gotten that message yet, which is weird, because sometimes I get it and sometimes I don't. So any help would be appreciated a lot!

I downloaded Hijackthis and renamed it, I did a system scan and saved the logfile, which is attached.
I also attached the log from AVG Anti-Spyware.

Thank you in advance!
 

I had this exact same problem and tried Kaspersky 6.0, Norton 10, Avira AntiVir, AdAware SE, SpyBot Search & Destroy, manually checking the usual places for Trojans/viruses, manually searching the registry, and some other tools. Though they removed some dormant stuff, my problem wasn't fixed until I searched for this problem specifically...

"This shutdown was initiated by NT AUTHORITY\SYSTEM" - from c:\WinXP\system32\services.exe status code 203, 204 or sometimes -1073741819"
You could then stop the countdown with "shutdown -a" from Run, but that messed up Internet Explorer and just about any other program running.

I then found a lot of posts about this with no solution and then a post WITH a solution.
You most likely also got the following hidden rootkit: http://www.sarc.com/avcenter/venc/data/backdoor.rustock.b.html

To get rid of it, use http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
and delete the entry which says anything similar to "C:\WINDOWS\system32:lzx32.sys".
Let me know if it helped.
 
Thanks!!!
I just did all you explained here! Thank you. Everything is all right so far. I read the instructions and definitions for Backdoor.Rustock.B, and I found that annoying little file "C:\WINDOWS\system32:lzx32.sys" and cleaned it up.
 
I was in an identical situation as well, and with the instructions and the Sophos tool I managed to get rid of that annoying program.
You have my thanks and gratitude ;)
 
Just thought I should note that, as per the Symantec information, you need to remove the pe386/p386 (think it's pe) registry entries. I found that just removing the system32:lzx32.sys led to reinfection, and as my Sophos wouldn't remove registry entries for some reason (perhaps licensing?), I ended up getting RegRun NIVA and running the "remove Rustock Rootkit" option. Maybe not the best way, but it worked perfectly (touch wood) and was hassle free.

Anyway, thanks again, the info here was invaluable.
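
The path quoted in this thread, "C:\WINDOWS\system32:lzx32.sys", uses NTFS alternate data stream syntax: a stream named lzx32.sys attached to the system32 directory itself, which is why it does not show up as a file inside that folder. As an added example (not part of any post in this thread), the Python below flags service or driver image paths that point into a named stream; the function names and the sample list, including the pairing of the pe386 name with that path, are constructed for illustration.

```python
import re

# Optional NT/Win32 namespace prefix and drive letter; the drive colon is not a stream separator.
_PREFIX = re.compile(r'^(\\\?\?\\|\\\\\?\\)?([A-Za-z]:)?')

def split_stream(path):
    """Return (base_path, stream_name); stream_name is None when no named stream is present.

    NTFS syntax is <file-or-directory>:<stream>[:$TYPE] in the last path component.
    Assumption: unquoted input is a bare path without command-line arguments.
    """
    p = path.strip()
    if p.startswith('"'):                      # quoted image path, possibly followed by arguments
        p = p[1:].split('"', 1)[0]
    head = _PREFIX.match(p).group(0)
    dirs, bsep, leaf = p[len(head):].rpartition('\\')
    name, colon, stream = leaf.partition(':')
    stream = stream.split(':', 1)[0]           # drop a trailing :$DATA type
    if not colon or not stream:                # no colon, or "file::$DATA" (default stream)
        return p, None
    return head + dirs + bsep + name, stream

def flag_stream_images(entries):
    """entries: iterable of (service_name, image_path). Return rows whose image lives in a stream."""
    hits = []
    for service, image in entries:
        base, stream = split_stream(image)
        if stream is not None:
            hits.append((service, base, stream))
    return hits

# Constructed sample, shaped like a service list exported from a registry or autoruns tool.
SAMPLE = [
    ("Tcpip", r"\SystemRoot\System32\drivers\tcpip.sys"),
    ("Spooler", r"C:\WINDOWS\system32\spoolsv.exe"),
    ("pe386", r"C:\WINDOWS\system32:lzx32.sys"),   # path as quoted in the thread
    ("Themes", r'"C:\WINDOWS\system32\svchost.exe" -k netsvcs'),
]

if __name__ == "__main__":
    for service, base, stream in flag_stream_images(SAMPLE):
        print(f"{service}: stream '{stream}' attached to {base}")
```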
 
That's it! I'm reinstalling Windows for the first time since I got my PC. This virus is so messed up that I can't even pass 2 minutes without getting that freaking message. I'm making a backup of my files and music and I'm getting rid of that bastard.

I don't think that I have the patience to find another solution to this problem!
 
Hello and welcome to Techspot.

benjadlv said:
That's it! I'm reinstalling Windows for the first time since I got my PC. This virus is so messed up that I can't even pass 2 minutes without getting that freaking message. I'm making a backup of my files and music and I'm getting rid of that bastard.

I don't think that I have the patience to find another solution to this problem!

I think you're probably doing the right thing in formatting. Once you're done, your system will run nice and fast again, without the malware.

Good luck.

Regards Howard :wave: :wave:

This thread is for the use of benjadlv only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Dealt with this little pita for almost a week now. I'd like to extend my sincere appreciation to D3xter for providing the only solution. Thanks!
 