Guest Bodmass Posted March 26, 2009 Posted March 26, 2009 I've been investigating an "NT Authority system" error message I get that restarts my system with error code 1073741819. This led me to believe I have a sasser infection in my system, which in turn led me to download the malicious software removal tool. Unfortunately (just as the McAffee stinger tool did), this has twice merely closed down during the scan. What it gives me is an exception report that starts thus Exception information Code: 0xc0000005 Flags 0x00000000 Record 0x0000000000000000 Address: 0x000000005a380c1c and goes on to list aprox 100 modules. (my PC has been giving me this error message from a whole variety of applications bit-torrent/games/video converting/burning etc.) My question is why wont this scan/where do I go from here if this utility wont scan? (I was directed here from the scanners KB page) I'm running xp home, sp3. I'm also told the following file will be included the error report C:\DOCUME~1\User\LOCALS~1\Temp\e5c6_appcompat.txt Sadly I cant figure out what location that points to. Quote
Guest 1PW Posted March 26, 2009 Posted March 26, 2009 On 03/26/2009 12:58 PM, Bodmass sent:<span style="color:blue"> > I've been investigating an "NT Authority system" error message I get that > restarts my system with error code 1073741819. This led me to believe I have > a Sasser infection in my system, which in turn led me to download the > malicious software removal tool. > > Unfortunately (just as the McAfee stinger tool did), this has twice merely > closed down during the scan. > > What it gives me is an exception report that starts thus > Exception information > Code: 0xc0000005 Flags 0x00000000 > Record 0x0000000000000000 Address: 0x000000005a380c1c > > and goes on to list approx 100 modules. > > (my PC has been giving me this error message from a whole variety of > applications bit-torrent/games/video converting/burning etc.) > > My question is why wont this scan/where do I go from here if this utility > wont scan? > > (I was directed here from the scanners KB page) > I'm running xp home, sp3. > > I'm also told the following file will be included the error report > C:DOCUME~1UserLOCALS~1Tempe5c6_appcompat.txt > Sadly I cant figure out what location that points to.</span> What antivirus software does your system have? Update it (if possible) and run a full scan. If you're able, download, install, update and run the free version of: <http://www.malwarebytes.org/mbam-download.php> Carefully note what each of the above finds and report in a follow-up post. Your post is much better written than most we see. However, you may have exceeded your level of expertise. The above steps may allow you to safely capture your personal files before having your hard disk drive reformatted and getting Windows XP Home applied in a clean install. Pete -- 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t] Quote
Guest Bodmass Posted March 26, 2009 Posted March 26, 2009 I have fully up to date versions of Spybot, Adware free, AVGFree & Comodo Free firewall attempts to scan with any of these overnight lately, whilst also running Azureus/Vuze, has led to system crash & reboot. (it is only today that I have noticed the "NT Authority system" reboot warning) will investigate the programme suggested & report back. Will I need to deacivate any of the above programmes? "1PW" wrote: <span style="color:blue"> > On 03/26/2009 12:58 PM, Bodmass sent:<span style="color:green"> > > I've been investigating an "NT Authority system" error message I get that > > restarts my system with error code 1073741819. This led me to believe I have > > a Sasser infection in my system, which in turn led me to download the > > malicious software removal tool. > > > > Unfortunately (just as the McAfee stinger tool did), this has twice merely > > closed down during the scan. > > > > What it gives me is an exception report that starts thus > > Exception information > > Code: 0xc0000005 Flags 0x00000000 > > Record 0x0000000000000000 Address: 0x000000005a380c1c > > > > and goes on to list approx 100 modules. > > > > (my PC has been giving me this error message from a whole variety of > > applications bit-torrent/games/video converting/burning etc.) > > > > My question is why wont this scan/where do I go from here if this utility > > wont scan? > > > > (I was directed here from the scanners KB page) > > I'm running xp home, sp3. > > > > I'm also told the following file will be included the error report > > C:DOCUME~1UserLOCALS~1Tempe5c6_appcompat.txt > > Sadly I cant figure out what location that points to.</span> > > What antivirus software does your system have? Update it (if possible) > and run a full scan. > > If you're able, download, install, update and run the free version of: > > <http://www.malwarebytes.org/mbam-download.php> > > Carefully note what each of the above finds and report in a follow-up post. > > Your post is much better written than most we see. However, you may > have exceeded your level of expertise. The above steps may allow you to > safely capture your personal files before having your hard disk drive > reformatted and getting Windows XP Home applied in a clean install. > > Pete > -- > 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t] > </span> Quote
Guest David H. Lipman Posted March 26, 2009 Posted March 26, 2009 From: "Bodmass" <Bodmass@discussions.microsoft.com> | I have fully up to date versions of Spybot, Adware free, AVGFree & Comodo | Free firewall | attempts to scan with any of these overnight lately, whilst also running | Azureus/Vuze, has led to system crash & reboot. (it is only today that I | have noticed the "NT Authority system" reboot warning) | will investigate the programme suggested & report back. | Will I need to deacivate any of the above programmes? What is "Azureus/Vuze" ? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest John Posted March 26, 2009 Posted March 26, 2009 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:Ow4d6wlrJHA.3864@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > From: "Bodmass" <Bodmass@discussions.microsoft.com> > > | I have fully up to date versions of Spybot, Adware free, AVGFree & > Comodo > | Free firewall > > | attempts to scan with any of these overnight lately, whilst also running > | Azureus/Vuze, has led to system crash & reboot. (it is only today that > I > | have noticed the "NT Authority system" reboot warning) > > | will investigate the programme suggested & report back. > > | Will I need to deacivate any of the above programmes? > > > What is "Azureus/Vuze" ? ></span> BitTorrent client Quote
Guest ~BD~ Posted March 26, 2009 Posted March 26, 2009 David H. Lipman wrote:<span style="color:blue"> > From: "Bodmass" <Bodmass@discussions.microsoft.com> > > | I have fully up to date versions of Spybot, Adware free, AVGFree & Comodo > | Free firewall > > | attempts to scan with any of these overnight lately, whilst also running > | Azureus/Vuze, has led to system crash & reboot. (it is only today that I > | have noticed the "NT Authority system" reboot warning) > > | will investigate the programme suggested & report back. > > | Will I need to deacivate any of the above programmes? > > > What is "Azureus/Vuze" ? > </span> Tsk, tsk! Google is your friend too! http://azureus.sourceforge.net/ -- Dave Quote
Guest Bodmass Posted March 26, 2009 Posted March 26, 2009 Malwarebytes' Anti-Malware 1.34 Database version: 1904 Windows 5.1.2600 Service Pack 3 26/03/2009 23:23:02 mbam-log-2009-03-26 (23-22-48).txt Scan type: Full Scan (C:\|F:\|G:\|) Objects scanned: 199203 Time elapsed: 1 hour(s), 32 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: G:\System Volume Information\_restore{53DF1F30-FF51-4194-882D-EB5208715613}\RP303\A0456981.exe (Trojan.Agent) -> No action taken. G:\System Volume Information\_restore{53DF1F30-FF51-4194-882D-EB5208715613}\RP303\A0456983.exe (Trojan.Agent) -> No action taken. C:\Program Files\Common Files\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. Quote
Guest David H. Lipman Posted March 27, 2009 Posted March 27, 2009 From: "Bodmass" <Bodmass@discussions.microsoft.com> | (Trojan.Agent) -> No action taken. | C:\Program Files\Common Files\svchost.exe (Heuristics.Reserved.Word.Exploit) ->> No action taken. You do NOT want that ! -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Tom [Pepper] Willett Posted March 27, 2009 Posted March 27, 2009 Bugger off, Hooplehead. "~BD~" <BoaterDave@hotmail.co.uk> wrote in message news:gqh2oa$8h9$1@nntp.motzarella.org... : Quote
Guest Bodmass Posted March 27, 2009 Posted March 27, 2009 all errors now quarantined and deleted. I have re-reun the removal tool. The express scan came back clean so I tried the full scan (after avg had crashed during an attempted scan), and it hung again overnight giving me another of my constant exception reports as per my first post (for what it's worth I saved the extra file that was generated - is this likely to have any decipherable information of use?). A scheduled full scan of AVG has started and is currently running with lots of "this file could not be scanned properly" messages coming back. As the exception report from the removal tool hasn't been closed down yet I'm going to touch nothing till the AVG scan completes in case theres anything thrown up that I can ask about at the AVG forum. I'm thinking about restarting into safe mode to try & allow the removal tool to run there. Worth a try or a waste of time? Thanks, Bod "David H. Lipman" wrote: <span style="color:blue"> > From: "Bodmass" <Bodmass@discussions.microsoft.com> > > > | (Trojan.Agent) -> No action taken. > | C:Program FilesCommon Filessvchost.exe (Heuristics.Reserved.Word.Exploit) > ->> No action taken. > > You do NOT want that ! > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > > > </span> Quote
Guest Bodmass Posted March 27, 2009 Posted March 27, 2009 well avg merely caused my system to reboot after 4 hours, but I rescanned with malwarebyte & that is at least still clean. Does the Malicious Software Removal Tool do anything that Malwarebyte doesn't? Is it worth my continuing with diagnostics or do I just need to investigate how to save my personal data & reinstall xp? (although my copy came pre-installed 3 years ago & I have no backup disk) Quote
Guest David H. Lipman Posted March 27, 2009 Posted March 27, 2009 From: "Bodmass" <Bodmass@discussions.microsoft.com> | well avg merely caused my system to reboot after 4 hours, but I rescanned | with malwarebyte & that is at least still clean. | Does the Malicious Software Removal Tool do anything that Malwarebyte | doesn't? Is it worth my continuing with diagnostics or do I just need to | investigate how to save my personal data & reinstall xp? | (although my copy came pre-installed 3 years ago & I have no backup disk) The Microsoft MRT does target some trojans and viruses that MBAM may NOT target. I suggest dumping ALL temp files, Temporary Internet Files/caches and performing a complete Check Disk and Defrag proior to do any mor scanning. Then, you may want to try my Multi AV Scanning Tool. Download MULTI_AV.EXE from the URL -- http://www.pctip.ch/ds/28400/28470/Multi_AV.exe or http://212.98.39.7/ds/28400/28470/Multi_AV.exe http://www.pctip.ch/downloads/dl/35905.asp or http://212.98.39.7/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/2008/0...virus-for-free/ To use this utility, perform the following... Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } Choose; Unzip Choose; Close Execute; C:\AV-CLS\StartMenu.BAT { or Double-click on 'Start Menu' in C:\AV-CLS } NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files. C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS} This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor's web site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC. You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode. When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. Please report back your results -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Bodmass Posted March 28, 2009 Posted March 28, 2009 "David H. Lipman" wrote: <span style="color:blue"> > I suggest dumping ALL temp files, Temporary Internet Files/caches and performing a > complete Check Disk and Defrag proior to do any mor scanning. > > Then, you may want to try my Multi AV Scanning Tool. > </span> I've run CHKDSK, cant find the report though I've run disk defrag, 6 unmoveable files I've run CCleaner for the temp files, 1 item not cleaned I also tried adaware but that just restarted my system overnight (no successful sweep since 3/3 Assuming that's all ok to go ahead, I'm off to install your tool. Thanks. Quote
Guest Bodmass Posted March 30, 2009 Posted March 30, 2009 I've now managed to run the ms MRT in safe mode - it found nothing (nor did the mcafee stinger tool or symantecs w32 sasser removal tool). the MRT took about 12 hours, so it may be some time before I report back following all the scans, But I will. But can I ask if anyone reading this has actually had experience of dealing with this specific error. NT System Authority C:/windows/system32/services.exe code: 1073741819 and the message that my system will close down in 60 secs [countdown] I can find many references to it in google, but no confirmed cures. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.