Security Incidents mailing list archives

RE: virus restarting machines


From: "Miha Pihler" <Miha.Pihler () snt si>
Date: Thu, 24 Jan 2008 21:24:04 +0100

Your system is most likely compromised and with Windows that is always a
really bad thing.

And with all other operating systems, being compromised would be a good
thing? :-D

Mike

-----Original Message-----
From: Dustin Larmeir [mailto:dustin () larmeir com] 
Sent: Thursday, January 24, 2008 7:30 PM
To: 'ViersOnline'; adrian_smith () live com
Cc: incidents () securityfocus com
Subject: RE: virus restarting machines

I have definitely seen this behavior before. I have found that even safe
mode would not stop this, though booting into Last Known Good Configuration
may work if it is related to a recent software installation. Your system is
most likely compromised and with Windows that is always a really bad thing. I
would use a PE environment and see what you can find.

-----Original Message-----
From: ViersOnline [mailto:viers () free fr] 
Sent: Thursday, January 24, 2008 11:03 AM
To: adrian_smith () live com
Cc: incidents () securityfocus com
Subject: Re: virus restarting machines

The one I know having such gross behavior is called Windows Update :)

adrian_smith () live com wrote:
Has anyone ever experienced this kind of problem, probably due to
virus/spyware, causing server and PC to reboot (Windows 2003)? I post the
message I've found in the log: "The process GL_<random_number>.exe has initiated
the restart of computer SERVER on behalf of user NT AUTHORITY\SYSTEM for the
following reason: No title for this reason could be found Reason Code:
0x0 Shutdown Type: restart" thx
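
A way to triage the kind of log message quoted in the original question, as an added example that is not part of any post in this thread: it parses restart-event messages exported as text, tolerating fields that run together without whitespace, and lists initiating processes that are not on an allowlist. The allowlist, the function names and the sample messages are constructed; GL_12345.exe stands in for GL_<random_number>.exe.

```python
import ntpath
import re

# Hypothetical allowlist of binaries expected to request a restart; tune per site.
EXPECTED_INITIATORS = {"winlogon.exe", "shutdown.exe", "wuauclt.exe"}

EVENT_RE = re.compile(
    r"The process (?P<process>.+?) has initiated the (?P<action>[a-z ]+?) of computer "
    r"(?P<computer>\S+) on behalf of user (?P<user>.+?) for the following reason:"
    r"\s*(?P<reason>.*?)\s*Reason Code:\s*(?P<code>0x[0-9A-Fa-f]+)"
    r"\s*Shutdown Type:\s*(?P<type>[a-z ]+?)\s*(?:Comment:.*)?$",
    re.IGNORECASE,
)
# Some Windows versions log a full path followed by "(HOST)"; strip that suffix.
HOST_SUFFIX_RE = re.compile(r"\s*\([^()]*\)$")

def parse_restart_event(message):
    """Return the fields of one restart/shutdown event message, or None."""
    text = " ".join(message.split())  # undo mail/export line wrapping
    m = EVENT_RE.search(text)
    if m is None:
        return None
    event = m.groupdict()
    image = ntpath.basename(HOST_SUFFIX_RE.sub("", event["process"])).lower()
    event["image"] = image
    event["unexpected"] = image not in EXPECTED_INITIATORS
    return event

def unexpected_initiators(messages):
    """Sorted image names that requested a restart but are not on the allowlist."""
    events = filter(None, map(parse_restart_event, messages))
    return sorted({e["image"] for e in events if e["unexpected"]})

# Constructed sample messages (not taken from a real event log).
SAMPLES = [
    "The process GL_12345.exe has initiated the restart of computer SERVER on "
    "behalf of user NT AUTHORITY\\SYSTEM for the following reason: No title for "
    "this reason could be foundReason Code: 0x0Shutdown Type: restart",
    "The process winlogon.exe has initiated the restart of computer SERVER on "
    "behalf of user SERVER\\Administrator for the following reason: Operating "
    "System: Reconfiguration (Planned) Reason Code: 0x84020004 Shutdown Type: "
    "restart Comment: patching",
]

if __name__ == "__main__":
    for name in unexpected_initiators(SAMPLES):
        print("unexpected restart initiator:", name)
```

The image name it reports is the starting point for the offline look at the disk from a PE environment suggested in the reply above.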


  
