i got this shutdown message (that sasser worm like thing) a while ago and again today. so i decided to take the hard disk out of this pc and scan it with another pc that has avast! Home Edition, but it didn’t find that sasser worm. so do i really have the worm or these forced shutdowns can just happen without having that virus?
Welcome to the forums, tuuleveski. 
Can you give us the exact words used in the message?
Also, can you do an avast boot time scan of that hard drive?
Try scanning with an online scanner like Kaspersky.
I suggest a full computer on-line scanning:
BitDefender
ESET NOD32
F-Secure
For detection-only, not cleaning:
Kaspersky
Trendmicro housecall
I don’t exactly remember the message, but it had something to do with lsass.exe. I did boot time scan, but it returned nothing. I also did an online NOD32 scan when running the OS from that drive and also F-Secure online scan in another computer, both didn’t find any virus.
What kind of utility can I use to monitor all the processes that could help me determine if there is a virus?
And is that autoshutdown always connected to sasser worm or can it be something else not related to any virus?
your computer maybe not infected by any virus. Just maybe some of your windows component are not work. in this case maybe the user account component are not working. Any windows popup say that your lsass.exe component error then telling you that the computer will be shutdown or else???
yes, a windows pop up or msgbox, similar to this one:
http://img264.imageshack.us/img264/8237/lsass.gif
Read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD’s:
Also, run
chkdsk /R
to see if it is any system file error.
open cmd and type shutdown -a
that closes the box
and check your startup apps and there should be something like shutdown -s and disable it
oh wait…
it says its because lsass.exe is terminated… hold on
http://support.microsoft.com/kb/321024 article by microsoft
it says:
- Click Start, and then click Run.
- In the Open box, type regedit, and then click OK.
- In Registry Editor, navigate to the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2 - Right-click Winsock2, and then click Delete on the shortcut menu that appears.
- Click Yes to confirm the deletion of the key.
- Repeat steps 3 through 5 to remove the following registry subkeys (if present):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Winsock2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winsock2 - Quit Registry Editor.
- Restart Windows normally.
I’m not really sure if the error code was exactly that. This image was something I found from the web. It looks very same, but i’m not 100% sure if the code was the same.
Anyways I burned the F-Secure rescue CD, scanned the hard drive with another PC and found nothing. I did chkdsk /r - did not find any bad sectors, but the report said this:
CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap.
Windows has made corrections to the file system.
apart from that everything else was normal.
So this lsass.exe error might just be something other than virus?
This problem occur if you have modified any of your program before. To repaired it, just insert the xp cd and repaired your window using the xp installation. Currently, this problem occur if you are using old windows version like windows SP1 or SP2 build without windows update. In my experience, there are no slightly virus that can do this problem which such a sign and symptom like this.
Lots of virus scanners don’t detect shutdown commands…
You might have something in your startup.