"System Shutdown" When I Run Ad-Aware Se (NT AUTHORITY\SYSTEM)

[CkY SkOOpS]

When ever I run Adaware Se, it scans for about a minute, then a gray box pops up saying that the system is shutting down, it was initiated by NT AUTHORITY\SYSTEM. It also says the RPC (remote procedure call service) was terminated unexpectedly. Im not sure how to get rid of this, and since I have gotten this problem, my Internet Explorer has been running very slow, Im on a broadband connection, and it takes a very long time for a web page to load.

Any help would appreciated, thank you all for your time.

 

[olefarte]

It sounds like you may be a victim of the Blaster Worm. Have you gotten all the latest Microsoft Updates? If not do so, and then run a virus scan, again making sure you have all the latest updates. If your computer won't let you do this, look at this. Although it's from Dell, it's a pretty good explanation on what to do to get rid of this thing.

Hope this helps. Let us know.

 

[CkY SkOOpS]

I have no problem staying connected to the internet, but I did download the Stinger virus scan, and I am scanning my system now. I will let you know what it finds.

 

[7teen]

same problem

I was curious if you had any luck in getting rid of the problem. i started getting a bunch of pop ups this week and went to run ad aware se and got the nt authority/system rpc restart. it doesn t give me a file that causes it and i have gone through the steps from dell, and have also run stinger virus scan. it wasn t able to find anything same with the download from norton that dell recommended. any ideas would be a great help. thanx.

 

[jnofzinger]

How to fix the "NT Authority Shutdown" during ad-aware scan

I had this same problem with a customer's computer. I rebooted into safe mode and ran ad-aware. It completed and removed the spyware. I went back to normal mode and ran the scan again. I didn't receive that shutdown message again. The only thing I can think of that would have caused this is that somehow the spyware is sensing it's being scanned, and shuts down the system. Fun.

 

[urbaniteman]

i just got the same thing. Im certain it reacts to the scan. it occurs on the same file evry time. Im about to try the Safe Mode scan. I'll post result.

 

[DelJo63]

disable Upnp and Remote Assistance services

 

[urbaniteman]

disable Upnp and Remote Assistance services?

By the time I read this I already spent a very lenghty process running by virus scan, ad aware free ver and stinger. got a clean bill after the 2nd ad aware scan. (it picked the adware up again even after a delete and qurantine process) All this UN-connected to the intenet through an unplugged wireless connct. It seems clean but I am now unable to connect to internet or even my other desktop although the adapter is working corrrectly and plugged back in. Firewall setting? dont know yet. I willl look in the services behing msconfig and look at your suggestion. Thnxs :knock:

 

[urbaniteman]

well after all that it got infected again immediately. and pop ups without even opening a browser. all virus defs are utd...all windows is utd...adaware is utd....im pissed!!!! THis laptop is a lil older and slower and I could be outdoors. The box i am typing on now is a very good machine but basiclly set up no differently than the lap. I dont understand how i keep getting infected. That is twice after two very complete cleanups.

 

[urbaniteman]

well its fixed i think... but it took system restore to do it. i never like that option. In the end it looks like it was a well hidden browser redirect. 180web search seemed to be a spammer that was highly involved. that was always the first un solisited program to install itself after a connection was made.

 

[Tedster]

yeah, I can sympathize. I downloaded a screensaver that I thought was legit and turned out to be infected with the Aurora adware virus. Extremely nasty to get rid of.
I had to turn back my computer using a backup copy in order to get rid of it.
My anti virus identified it but couldn't stop it. Adware and spybot were useless.

 

[DelJo63]

Unless you have two or more systems connected via a router/hub/switch,
you do not need services on ports 135-139,445,1900. use your firewall
to disable inbound traffic on these ports, or diable the appropriate service(s)

If you do have two or more and need File/Print sharing, then create a rule:
Allow 192.168.x.1-192.168.x.255 tcp/udp ports 135-139,445
where x is the vendor specific default subnet number, typically 0 or 1.
use ipconfig /all to find yours. This will keep the Internet off your system but
still allow your LAN access from any to any.

{I really wish the firewall rules were external files rather than registry entries.
It would be so much easier to share them. }

 

[urbaniteman]

i do indeed have 3 computers tied through a a westell 327W wireless router supplied from verizon. I enjoy messing around with computers and want to learn all I can but am still quite a novice. I will look around and try to find the "rules" section for networking and try your suggestion. I read in a windows networking wizard that tying computers together through a single router is the most difficult way to keep them secure, but I don' know any other way to do it. I guess I'll look that up too.

All I have is the windows firewall, is that good enough?

you said-This will keep the Internet off your system but
still allow your LAN access from any to any. (I dont understand what your getting at here. I want internet access and file and print share between all 3) Is this a bad idea?

Please reply, Im quite interested.

 

[Vigilante]

Could be a different computer on your network causing the reinfection. Try disconnecting all but ONE system at a time. Clean it and do your Windows updates (which include the fixes for those viruses).
Does your Verizon router even HAVE a firewall? Sometimes those specialty devices do not. If it is not a firewall (check the manual), then turn ON all your XP firewalls. Clean them, do your updates.
Getting your Windows updates and turning on the Windows Firewall should block the sasser/blaster type viruses. But if you're already infected, you'll want to use tools like autoruns, adaware, HJT, BHOCaptor, xplspfix and checking your services to get rid of it. I think the McAfee s-t-i-n-g-e-r still scans for those old viruses, use it as well.

Good luck.