General discussion

Locked

Restart Problem with 2000

By khadarar ·
Restart Problem with Server 2003
We have Dell Server having Windows Server 2003, Enterprise Edition, installed on it. But from last few days , a problem of restart have been created on it.
After booting, a message appears on it any time, and counting begins that in 60 sec your system would be restarted.

we have installed all patches, updates on it as desired by it.

This is "lsass.exe" file problem.
Pls help.

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Black Panther In reply to Restart Problem with 2000

Try the info on this link

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html

Collapse -

by Black Panther In reply to

How Can I Remove the Sasser worm?

Follow these steps in removing the Sasser worm.

1) Disconnect your computer from the local area network or Internet

2) Terminate the running program

Open the Windows Task Manager by either pressing CTRL+ALT+DEL, selecting the Processes tab or selecting Task Manager and then the process tab on WinNT/2000/XP machines.
Locate one of the following programs (depending on variation), click on it and End Task or End Process
avserve.exe
avserve2.exe
skynetave.exe
any process running with the "_up.exe" suffix

Close Task Manager
3) Activate the Windows XP Firewall (if running Windows XP) or another firewall to prevent the worm from shutting your system down while downloading the patches. To activate the Windows XP firewall, follow these steps.

Click on Start, Control Panel
Double-click on Networking and Internet Connections, then click on Network Connnections
Right-click on the connection you use to access the Internet and choose Properties
Click on the Advanced Tab and check the box
"Protect my computer and network by limiting or preventing access to this computer from the Internet"
Click OK and close out of the Network and Control Panel
3) Download and Install the patches for the LSASS Vulnerability and others

Microsoft Windows NT? Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server? 2003
Microsoft Windows Server 2003 64-Bit Edition
5) Remove the Registry entries

Click on Start, Run, Regedit
In the left panel go to
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>Current Version>R

Collapse -

by Black Panther In reply to

How Can I Remove the Sasser worm?

Follow these steps in removing the Sasser worm.

1) Disconnect your computer from the local area network or Internet

2) Terminate the running program

Open the Windows Task Manager by either pressing CTRL+ALT+DEL, selecting the Processes tab or selecting Task Manager and then the process tab on WinNT/2000/XP machines.
Locate one of the following programs (depending on variation), click on it and End Task or End Process
avserve.exe
avserve2.exe
skynetave.exe
any process running with the "_up.exe" suffix

Close Task Manager
3) Activate the Windows XP Firewall (if running Windows XP) or another firewall to prevent the worm from shutting your system down while downloading the patches. To activate the Windows XP firewall, follow these steps.

Click on Start, Control Panel
Double-click on Networking and Internet Connections, then click on Network Connnections
Right-click on the connection you use to access the Internet and choose Properties
Click on the Advanced Tab and check the box
"Protect my computer and network by limiting or preventing access to this computer from the Internet"
Click OK and close out of the Network and Control Panel
3) Download and Install the patches for the LSASS Vulnerability and others

Microsoft Windows NT? Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server? 2003
Microsoft Windows Server 2003 64-Bit Edition
5) Remove the Registry entries

Click on Start, Run, Regedit
In the left panel go to
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>Current Version>R

Collapse -

by Intelligent In reply to Restart Problem with 2000

If hte Window say RPC failure then you need to set services.

Go to services.
Right click Remote procedure call, go to properties,click on registry tab. select do not do anything from the drop down box, click OK.

Collapse -

by exNN In reply to Restart Problem with 2000

once after you are sure your server is virus free, maybe you will need to reboot with a liveCD OS, like BartPE, it will allow you to remove all unwanted files virus has left. My case they were on c:\winnt\system32\microsoft\Crypto\RSA\S-1-5-18\use\4\2\0\2\2\2
there are some bat files, before you delete them, find out what they do. Almost sure some registry keys were added also. Good luck

Collapse -

by matthew.roberts In reply to Restart Problem with 2000

Hi

I had this exact problem. I think it's a Bobax virus variant or something like that. It stopped me runnign Windows update.
Install the Microsoft hotfix 835732, reboot then run Windows Update - that's what I did and mine is fine now.

Back to Windows Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums