April 28th, 2004 02:00

lsass.exe system shutdown error on windows xp

Hi.  I've recently been experiencing a system shutdown that displays the following message:  System shutdown in progress by NT Authority\System.  An error has occurred in C:\WINDOWS\SYSTEM32\lsass.exe (status code 128).  I've been working on this for the past few days and was able to delete all of the malware on my computer w/the help of the virus guys (using hijackthis).  Any ideas of where I can go from here?  I did run a Norton scan yesterday and today - no viruses found.  I've had this problem once before that was an RPC error, which I was able to fix.  I don't think I had a problem w/the lsass.exe file originally though.  Anyway, here's hoping :)

Moderator

16.7K Posts

April 28th, 2004 13:00

ddeerrff,

Thanks, I got a bit confused.

Moderator

16.7K Posts

April 28th, 2004 13:00

gvsurgrl,

Thank you for using the Dell Community Forum.

You have a virus on the system. The information below will give you information on resolving the error.

The "NT Authority" error is caused by a computer "worm" that exploits a vulnerability in Windows Component Services.  Microsoft has provided a security patch that repairs the weakness and solves the error.   

Follow the six steps below to fix the problem in Windows XP:


1. Disable RPC Notification
~~~~~~~~~~~~~~~~~~~~~~~~~

* Turn off the computer and disconnect all network cables.  This includes DSL, cable modem, local network, broadband, etc.

* Turn on the system.  Do not connect to the Internet!

* Click the Start button, and then click Run.

* In the Open box, type: Services.msc

* Click the OK button.

* In the list of services, scroll halfway to the bottom and double-click the first Remote Procedure entry.

* Click the Recovery tab.

* For all the failure dropdowns, click to select Take No Action.

* Click the OK button to apply the changes.

* Exit the services window by clicking the X in the upper right corner of the window.

NOTE: The RPC Service Notification can be re-enabled after the recommended patches are installed. 


2. Download the Anti-Virus Removal File for this Worm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Reconnect your network cable.

* Download one of these files to your Desktop:

Symantec:

http://securityresponse.symantec.com/avcenter/FixBlast.exe

McAfee:

http://download.nai.com/products/mcafee-avert/Stinger.exe

Follow the on-screen directions to save either of these programs to your Desktop.


3. Download the Security Patch from Microsoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Go to this URL:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/msblaster.asp

* Download the WinXP (32 bit) security patch.

* Choose to save the file to your Windows Desktop.
    
* Disconnect your computer from the network cables again.


4. Disable System Restore
~~~~~~~~~~~~~~~~~~~~~~~~~

Before removing the virus, System Restore must be turned off.

* Click the Start button, right-click My Computer, and then left-click Properties from the menu.

* Click the System Restore tab.

* Click to check Turn Off System Restore.

* Click the OK button.

* Click Yes to disable System Restore.

 NOTE: After you have removed the virus and applied the patch, repeat these steps to re-enable System Restore. Having this feature enabled allows the system to return to a previous state with little effort. 


5. Run Virus-Cleaning Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~

* Find the downloaded file on your Desktop named either:

      stinger.exe or FixBlast.exe

* Double-click the file to begin the removal of the virus.

 NOTICE: Do not reboot the system or reconnect to the Internet until the Critical Update is installed. Click to deselect Reboot my Computer if that option is presented. 


6. Install the Critical Update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* On your desktop, double-click WindowsXP-KB823980-x86-ENU.exe to expand and execute the patch. For Windows 2000, use Windows2000-KB823980-x86-ENU.exe.

* Follow the directions in the wizard to complete the installation.

* Close all open programs including Internet Explorer.

The security patch should be applied when you restart Windows.

* After the system has rebooted, reconnect to the Internet.


If you are still having problems, or you have Windows NT or 2000, please check the Web site below:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/msblaster.asp

See the Dell Knowledge article below for more information:

Windows 98 and ME users are not affected by this virus.

Message Edited by DELL-Jesse on 04-28-2004 09:42 AM

2K Posts

April 28th, 2004 13:00

I believe Dell-Jesse was trying to point to the message here.

Moderator

16.7K Posts

April 28th, 2004 18:00

gvsugrl,

Take a look at the link that ~ddeerrff posted in this thread. It explains it a little better for you.

19 Posts

April 28th, 2004 18:00

Jesse - Still having the same problem, even after going through the process you suggested.  My computer was actually acting up worse when I had it disconnected from DSL - it didn't even give the system time to load up again in full before giving me the warning message.  At least it's back to waiting a few hours now.  Where to go from here?  I didn't know if I'd have to delete the lsass.exe file and then reload it or what!  HELP!

19 Posts

April 28th, 2004 22:00

Jesse - sorry, that's the link I used (it was so similar to yours)

19 Posts

May 2nd, 2004 02:00

Any ideas on how I can fix this problem?  Computer is still shutting off :-(

4.4K Posts

May 2nd, 2004 16:00

It might be a relatively new worm, "W32.sasser". See this Symantec article for details, and this Microsoft article, new on 1 May.

Also see this McAfee article for removal instructions.

Jim

19 Posts

May 6th, 2004 20:00

Jim (or Jesse) -

Ok, I followed all the directions and that seemed to make the computer worse.  Plus, now I can only run my computer after shutting off the shutdown notice (using shutdown.exe -a).  The patch didn't work and I didn't see any of the "bad" files under the Task Manager.  Also, when I disable the shutdown notice, I'm no longer able to use my D or E drives (CD & DVD), as well as access certain web pages (i.e. bank statements, ticketmaster purchase page).  Any more ideas, or am I at the end of the line where I'll have to reload the entire OS?  Let me know what you think :)

Jamie

4.4K Posts

May 6th, 2004 21:00

Your first report was several days before any other reports of "Sasser". Have you scanned the machine for viruses using an up-to-date copy of your anti-virus product's definitions? Have you installed all Microsoft Critical Updates for XP available through "Windows Update"? Do you have the XP firewall, or another personal firewall, enabled?

You might also try one of the free "on-line" virus scanning services such as Trend Micro's "Housecall".

If you do not find any viruses, the machine may be infected by one or more spyware/adware pests. Try following the advice given in the second link listed below - download, update, and run Ad-Aware and SpyBot following the instructions in the second link below. If that doesn't resolve the problem, download and run HijackThis and submit its log files for analysis by the experts in the Virus Information and Removal board.

Jim