Ok... I keep getting this message, or something very similar: Shutdown has been initiated by NT AUTHORITY\SYSTEM. Then it goes on to mention something about C:\WINDOWS\system32\lsass.exe being included in the problem. I was unable to get it all down since I have a 1 minute timer. After that the comp reboots. I have adware programs, and spyware ones. Anti ones that is lol. Also ran multiple virus scans and checked for worms that seemed to have similar results. This comp was a mess, and thanks to all that is now a lot better. But the system slows to a turtles pace or less at times and causes freezing, on top of the shut down problem. This seemed very similar to the sasser worm, which I've had on another computer before... But I want to make sure it is, or get any other ideas before I proceed with anything.

If that's not enough info, just say and I'll try to get down what you need.

Why can't I put questions on here?

Try this to stop the shutdown problem.

1.
On the taskbar at the bottom of your screen, click Start, and then click Run.

2.Type: cmd and then click OK.

3.At the command prompt, type: shutdown.exe -a and then press ENTER.

Then do a google search for panda and use their online scan.

sasser is a worm not a virus. Usually antispyware removers find and removes this parasite.
You just need to choose good program:
Read reviews:
here is the list of good antispyware programs and here is the list of bad programs called corrupt antispyware.

Download McAfee stinger from here
http://vil.nai.com/vil/averttools.asp

If any advice helps, please post back as it might help others.

Well Autofire, you are right... It is the SASSER Worm... Now Smifff is in the right track to give you the perfect tool to remove the Worm... Problem is if the system keeps rebooting its a bit difficult to do whats supposed to be done... So here is how you do it...

1) Disconnect the Internet Connection Physically (Remove Cable Modem in case of High Speed Internet Connection).

2) Click Start - Run - and type "services.msc" and click OK.

3) In Services Window, look out for "Remote Procedure Call (RPC)" and double click on it.

4) Go to "Recovery" Tab in the RPC Properties Window and change the "First, Second and Subsiquent Failures" to "Take No Action" and click on OK.

5) Restart the system.

6) Dissable System Restore.

7) Connect to the internet and then download Stinger as Smifff suggested and run the scan... This will remove the Sasser Worm...

8) Download the Microsoft Patch and install it in your system

Link for MS Patch: http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en

9) Change the RPC Settings to "Restart the Computer"

10) Enable System Restore and Create a Restore Point.

Hope the above is helpfull and resolves your issue, Let us know.

Nick

Ok thanks. I'll try this. But one simple question, how do you disable System restore? I'm not very savy with comps, unfortunately.

Also don't know how to create a restore point lol. But you've all been very helpful so far. that shutdown.exe -a has helped like 5 times.

And nick, all I need to know is how to create restore point, and disable/enable system recovery. =) Since it may take a bit for u to reply, I'll just wait til tomorrow. If that doesn't work, hope you don't mind getting an email :)

Why can't I put questions on here?

To Dissable the System Restore do the Following:

1) Click Start - Right Click on My Computer and Click on Properties - Go to the System Restore Tab and then you will know how to Dissable System Restore.

To Create System Restore Point do the following:

1) Click Start - All Programs - Accesories - System Tools - System Restore. Once you reach here, you will know how to create a restore point too.

Hope the information is Helpfull... Let us know... And No Problemo, i dont mind getting an Email :)

Ok. I haven't made much progress, because Stinger kept freezing up all the time. Finally, it has detected 3 worms:

C:\WINDOWS\System32\msconfig32.exe
Found the W32/Sdbot.worm.gen Virus!

C:\WINDOWS\System32\codq.exe
Found the W32/Sdbot.worm.gen.y virus!

C:\WINDOWS\System32\mxpsp.exe
Found the W32/Sdbot.worm.gen.l virus!

Does anyone (nick? ;P) know what these worms do to your computer? Or good methods for removing them? Stinger was unable to repair/delate them, only detect them. I figure, removing these may fix all my problems, but I don't really know. So I'm just taking it one worm at a time lol. Any feedback at all would be appreciated immensely. And thanks again for all your support so far.

P.S: One small thing, Limewire seems to not work... It says I need java, and I try to install java but it says some file needed to install it is missing..odd..since I install java from a browser and all it's components... Maybe I'm just stupid and missing something tho lol. I can get the file name, but I'm busy atm. So I just wanna focus mainly on the worms for now.

Why can't I put questions on here?

Hmm... Well after doing all the steps atleast did the system stop restarting again and again... If yes, then i guess you made some progress ;-)... Well, regarding removing these worms... There are 2 ways...

1) Run a scan using McAfee or Norton with Latest Updates.

2) Kill the Processes by the name msconfig32.exe, codq.exe and mxpxp.exe from the task manager and then manually go to the system32 folder and delete those files.

Let us know what happened..

Oh..yes. The computer RARELY ever restarts anymore. It only happened once yesterday and that's the first time in a long time. I haven't seen it recently. And even if I do, that handy little shutdown.exe -a will deal with it :).

I'll go get norton and see if it can't fix em. I already tried manually removing them by file, and it said I can't delete a file already in use or something.

Why can't I put questions on here?

Coool... Atleast one thing is solved... About manually deleting those files... Did you Kill those Processes before deleting those files??? Its important to end those processes, else it will not allow you to delete the files... Anyway, do let us know what happens... Good Luck with it

Woo. Ok. It's not sasser. I even ran 2 different removal tools, because there are different types of it. Nothing turned up.. But here's what did lol:

Virus Scan Details:

C:\mmxmtf8exe.exe is infected with Trojan.DownLoader.1746

C:\WINDOWS\SYSTEM32\TFTP3248 is infected with BackDoor.IRC.Sdbot

C:\WINDOWS\dqeyd.exe is infected with Trojan.Isbar.214

C:\WINDOWS\msdirectx.sys is infected with Trojan.FuRootkit

C:\WINDOWS\ss.exe is infected with Trojan.LowZones

C:\Documents and Settings\Owner\Local Settings\Temp\installer.exe is infected with Trojan.MulDrop.924

C:\WINDOWS\SYSTEM32\msconfig32.exe is infected with BackDoor.IRC.Sdbot

C:\Documents and Settings\Owner\msdirectx.sys is infected with Trojan.FuRootkit

C:\Documents and Settings\Owner\mt-uninstaller.exe is infected with Trojan.PurityAd

C:\WINDOWS\SYSTEM32\msdirectx.sys is infected with Trojan.FuRootkit

C:\Documents and Settings\Owner\Local Settings\Temp\optimize.exe is infected with Trojan.Dyfuca

C:\Program Files\EarthLink TotalAccess\Accelerator\temp\benchmark-200510040512.dat is infected with Modification of BAT.Quest.882

C:\Documents and Settings\Owner\Local Settings\Temp\nsp34.tmp\remover.dll is infected with Trojan.PurityAd

So... lots and lots of Trojans, and spyware, but I figure the torjans should be dealt with first. Do you know a good trojan removal program that will detect/delete(or quarintine w/e) Trojans? I tried finding one to no avail. Mainly because my internet is messing up (probably because of the trojans) and making some pages not load. Anyways, a direct link would be the greatest if anyone has the time.

P.S. End the process? Like Ctrl+alt_del? If so... msconfig and application manager aren't working, they open and close instantly. My brother said the virus was behind it.. Which seems pretty plausible.

Why can't I put questions on here?

Whoaa !!! Seems like the last scan took almost 15 days... Hmmm, there are lots of Trojans in the system... Try this particular Trojan Remover and let us know if it helps:

http://dl.filekicker.com/send/file/168259-1P80/trsetup.exe

And regarding the MSCONFIG and Task Manager not working... Yeah, your bro is right, its because of bad infections of Spywares in the system... Try the Trojan Removal Tool and then download Adaware and Microsoft AntiSpyware and run a scan on your system... And remember, while running scan on your computer, you should not be connected to the internet, meaning if you use High Speed internet, Disconnect the Cable Modem... And run the Adaware from Safe Mode and Normal Mode...

Links For Adaware and AntiSpyware:

Adaware:
http://dsvs.org/10/aawsepersonal.exe

MS Antispyware:
http://download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

Let us know what happens

Nick

Sorry for the 15 day delay lol. Got tired of trying to fix it. But hopefully this will work. I'll include a summary of everything that was wrong, and how I fixed it at the end if this does fix it, for future people with the same problems.

Why can't I put questions on here?

Ok. Great news. I downloaded and ran AVG Antivirus trial, and that make my computer soooooooo much faster. But the internet still lagged. So I got your FileKicker thing, and now the computer is fine =). Thanks a bunch guys.

Summary:

Problem: Was getting a shutdown warning of 1min that couldn't be cancelled.

Solution: It hasn't happened after I ran AVG/Filekicker, but if it does, Start>Run>Typing in 'cmd'>Then typing in "shutdown.exe -a" and hitting enter works.
----------

Problem: Computer was going really slow, opening things on the desktop lagged, and webpages that I knew existed couldn't be found.

Solution: Not sure what did it, But AVG Antivirus deleted/healed like 400 corrupt files and a few of the virus origins.

-----------

Problem: After AVG the internet still lagged too much, but the computer was working fine and fast.

Solution: I ran Nick's filekicker program, Trojan Removal (see above) and ran it, which fixed that problem.

-----------

That's about it I think. Was hectic, but it's good now. Still gotta download those antispyware/adware programs you listed though, nick. =)

Anyways, thanks for everyone's help who contributed. Oh and in a final note, STINGER did help also. It sped the computer up to begin with, but still had many problems and sometimes would go slow. Thanks a bunch, and hope this can help future problems.

Why can't I put questions on here?

Cool AutoFire,

Finally after a long time everything is sorted out... Congratz on that... Was nice talking to you... And thanks for posting back on all the Solutions...

Take Care,
Nick

Windows is not a Virus. Viruses actually DO something, where as Windows Do Nothing.