PDA

View Full Version : Pretty Wierd.



tmon
05-04-2004, 08:52 PM
Had two system freezes today, which is an unusual event for me. Seemed to do with activity on the network, file sharing or something.

Anyway, I had to force a reboot.

The next three times I restarted the VT[3] software, I got the GUI saying that it wasn't registered. The registration prompt showed a Product ID# that I'd never seen before.

Two more reboots later, everything is back to normal, with the previous, and what I assume to be, proper, Product ID# showing.

How wierd is that?

And no, I haven't been smoking anything.

Scott Bates
05-05-2004, 08:33 AM
Haven't seen this for a long time Taiji, but did during VT[2] or [3] beta testing when installing new builds or patches. I discovered that warm reboots wouldn't fix it, but a total system shutdown and a cold re-start would bring back the proper Product ID. I believe you can check the Product ID in System > Programs > VT[3] > Utilities to see if it's the proper one before booting VT.

mgutman
05-05-2004, 10:23 AM
sbates-
From what I've read, the "sasser" worm could be responsible. It doesn't delete files, but here is an excerp from www.msnbc.com...

Users who are infected likely won't realize it, Gullotto said. Their machines might slow down some, or they might notice extra traffic on their modems, but generally the virus doesn't announce itself -- except on those occasions when it forces a machine to shut down. If that happens, users will see a dialog box indicating the program LSASS.EXE has been terminated.

Good luck,
Mike

creach
05-05-2004, 11:23 AM
Sasser leaves a file on the machine, "avserve.exe" that can be seen by doing a start>find files. Sasser will crash the machine by attempting to exploit a hole in LSASS.exe, as you have already said. LSASS.EXE will generally popup an error message indicating it's about to puke. Yesterday I was having a few freaky problems and did some checking. You can get more info at Symantec, and they also have a Sasser extraction tool. Follow the link:
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html (http://http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html)

Like sbates, I have discovered that a complete shutdown will cure problems that a warm boot won't touch. My normal attempts to fix quirks includes (in this order) first quit toaster, then kill winrtme. Restart toaster. If the problem is still there, a complete shutdown will generally fix it.

Dan