System shutting down with Shutdown message

A

askyrie

n00b
Joined
Jul 1, 2003
Messages
46
Does anyone know what this is and how to fix it?

shutdown.JPG
 
Funniest thing is that I want to use the built in feature of turning off macheines remotely (and other rpc services) but I can't get it to work hehe :D
 
A little tip, just in case 60 seconds isn't enough for you to fix your little "Problem".

Open command prompt and type;

shutdown -a

Comprende? :p
 
Hehe it's fixed now I think. It didn't find any viruses but I ran that RPC patch, and did the windows update. I thought I already ran the Windows update but I guess it shut my machine off halfway. The weird thing is that this computer just got internet access yesterday.
 
Originally posted by askyrie
Hehe it's fixed now I think. It didn't find any viruses but I ran that RPC patch, and did the windows update. I thought I already ran the Windows update but I guess it shut my machine off halfway. The weird thing is that this computer just got internet access yesterday.
Click to expand...

I would do a thorough AV scan to be sure. It doesn't take long for worms like MSBlast (or similar variants) to find and infect a system. I recall reading that the [H] staff did a fresh XP install on a system, and within a half-hour of being on the net, it had already been infected with MSBlast.
 
Ok, I did a complete system and found the virus W32.HLLW.Gaobot. What I don't understand is how I got it. It was within 20 min after I got connected to the internet when I got the shutdown message. I looked over at my tech and asked him if he knew what the hell it was and he shrugged. He had his laptop connected to my server to test the network setup that we were working on. Is it possible that it moved from his laptop to me? He's got Win98 though.
 
The worm can get onto your system within seconds of connecting to the internet, that's the trouble. I don't think it could've come from the win98 laptop as it relies on the rpc vulnerability which isn't there in win98...
 
I have had a machine get infected within 10 minutes of getting online, not even time to setup a damn firewall. Investing in a cheap broadband router, if you are broadband, is a great idea and will help alot.
 
Are you using MSN, i just saw a variant infect and entire network that was connected through a lan modem to MSN, then i had a freind who uses MSN and he got the exact same thing, If you can get DSL i would highly recomend it, it seems to block a lot of stuff..
 
Originally posted by bigstusexy
Funniest thing is that I want to use the built in feature of turning off macheines remotely (and other rpc services) but I can't get it to work hehe :D
Click to expand...

really? thats weird, i have a bunch of machines that shut down automatically with a bat file every night when the building closes, im work on WOL right now to get them to power up in the morning. Because they are public access machines, that would save a lot of work.
 
Although it was probably just Blaster or some variant, you should realize that it could have been any hacker anywhere in the world. They could have installed a backdoor, rather than a known virus or worm. AV software is not going to detect backdoors.

I always end up doing a re-install on compromised machines, because there's just no way you can trust what's on there. How can you know for certain that this wasn't a hacker who installed a backdoor? Any Windows commands you run may have been replaced with ones that hide the presence of the backdoor.

Paranoid? Maybe, but there are people out there who do this sort of stuff. The RPC hole in Windows certainly could be used towards this end, and there's plenty of exploit code around for it. Stanford University had many cases of systems being compromised by hackers around the time of Blaster.

For those who scanned systems and did find Blaster, how do you know that a hacker didn't put that there to make you think that that's all that happened to your system?

Does it matter? Do you ever do financial transactions online? Check you bank account? Use a credit card? Does your SSN ever go into your computer (TurboTax, etc)?

The new record I've heard is a Windows system being compromised within 30 seconds of being placed on the network.
 
Originally posted by bignasty
really? thats weird, i have a bunch of machines that shut down automatically with a bat file every night when the building closes, im work on WOL right now to get them to power up in the morning. Because they are public access machines, that would save a lot of work.
Click to expand...

Mind letting me look at that bacth file? I bet I'm running the right commands I just that there is something I forgot to setup but looking at the batch file might jolt some memories
 
here it be....

Code: 
@echo off

echo NCPL Restart Sequence

echo Beginning Restarts

shutdown /m \\pub1 /r
shutdown /m \\pub2 /r
shutdown /m \\pub3 /r
shutdown /m \\pub4 /r
shutdown /m \\pub5 /r
shutdown /m \\game /r
shutdown /m \\opac /r
shutdown /m \\desk /r
shutdown /m \\backroom /r
shutdown /m \\susandesk /r
shutdown /m \\beckydesk /r
shutdown /m \\walkerdesk /r

echo End of Restarts

echo Goodbye

The /m command does remote and /r will run the restart

shutdown /m /s \\pub1

above would shut the machine down

/f will force programs closed, without notify
/c "comment" will list a comment up to 127 characters

pull up command prompt and hit shutdown /? to see a list of optioons, those are the ones i use, it is really nice such as when i have to stop a service or close a prog on a machine for backups, just run the restart in the beginning of ur bat file and ur good to go

hope this helps,

BigNasty
 
You must log in or register to reply here.
Back
Top