Endless Paradigm

Full Version: URGENT help please!
Something very scary just happened with my PC, I was normally chatting and browsing and wanted to install Picasa when suddenly a box appeared in my face saying:
"An unknown error has occurred. Windows will shut down in a minute" I was like double you tee eff and opened Task Manager to see what process is causing this.... well ALL of my processes were run by "Unknown user" I wanted to shut down the system, only thing that happened "You don't have the permission to shut down this system"
My next reaction.... I pulled the plug. It's currently rebooting..... is this Conficker or what??? Any suggestions what I should do besides NOD32 scan?
Conficker just got overhyped attention (and if it was indeed that, it doesn't want to crash your computer, really!).

Windows does that if one of the core system processes (lsass.exe I think) crashes or is killed.  A reboot should fix it - so see what happens.

shutdown /a to cancel the shutdown prompt if you need time to save stuff.
Phew thanks Zinga, seems it's fine again.... maybe the Picasa installer was infected or something.... You might be right about the core service thing I also thought of this now that I calmed down, panic sucks >_< The whole scenario reminded me of BLASTER.WORM.W32A back in XP days. It also crashed a core service to make the system reboot.
It's probably a random crash rather than Picasa doing something.

Killing winlogon.exe is more fun though >_> (don't do it unless you want to see an instant crash)
I wouldn't worry about it, unless it happened again (and again). Windows is known to suddenly play "BOO" with the PC users.
I can tell you're using Windows XP......

......if you were on Vista, it would have never happened ;D  But then again, you'd be playing games at 10 less FPS too. Heh.


It happens usually when the RPC Locator gets anal raped by Malware, it could be a trojan or it could be adware or it could be a hacker literally getting into your computer RIGHT THEN AND THERE or it could be a dodgy driver.

ZiNgA BuRgA Wrote: Conficker just got overhyped attention (and if it was indeed that, it doesn't want to crash your computer, really!).
The Service Layer had a big overhaul in XP SP3, there's lots of redundancy checks for kernel stacking, and if some kind of override (usually an overflow is easiest to detect and most common) from the attack isn't prevented but still detected, Windows XP will purposely kill the RPC Locator (or something else depending on the nature of the failure) to force you to restart, as a security breach has occurred. It's a "last resort" activity of Windows NT and has been there since Windows 2000. Windows Vista had a massive overhaul to it, this is why all the top cracker/hacker teams use Vista ;) lol. But as I said, a dodgy driver can also cause this behavior. For this reason, 64-bit OSes are more stable because they require signed and certified drivers (ensuring no memory leaks, security backdoors or stability issues). Anywho....

My advice, if you use torrents PeerGuardian 2 is a 100000% MUST HAVE SECURITY software, otherwise azn milit0r haxx will fire scuds at ur router all day. And use a good Security Suite, either Kaspersky or NOD32, all the rest are kinda spoon or memory hogs or have arses in detection rates.

Spybot Search & Destroy and SUPERAntiSpyware are among the best system sweepers too, SUPER was rated #1 for rootkit removal (something that XP is still very prone to).

And of course, keep Windows up-to-date. If you hate Windows Update, or can't use it for some reason *wink* *wink*, check out autopatcher.com

Or upgrade to Windows 7 RC1 (which is faster than Vista and more stable, I use it).

Or move to Linux and spend the next ten years learning the operating system and never having fun *cackles*

EDIT: I assume you are at LEAST on XP SP3, right? SP2 is literally a minefield to use online, yes it's become dangerous that quick. Other day, I installed XP SP2 in VMWare, with the mistake of giving it Internet access, instant rootkit.... browser hijacked.... *sigh*.
dude...if you got a rootkit that fast, you must have done something wrong


And why would a virus attempt to attack using a method known to cause a reboot...that's inane considering it slows the facilitation AND gives the user situational awareness
I said that Windows NT 5.x will AT LAST RESORT kill a vital service to try and force a system reboot in the event that an overflow (or service stack fault) can't be prevented. It's not the malware that does it, Windows does it in an attempt to perform pro-active defence cause the client machine is insecure and should be shutdown. If you check the event log after such a failure, you can find out if and why Windows went into this "dying gasp" mode.

And I got a rootkit because I have a static IP on my router, and DMZ mode to my PC because it's also a webhost and gaming host, also a gateway (hence how it got through to VMWare). My point was, Windows SP2 without updates has more leaks and holes than a phishing net (pun!)

;)
Well I'm using Vista and I'm pretty much sure now that the Security Core crashed, the events would make sense like this.
Ohh..... that's odd. Never seen it on Vista... sorry!