My computer restarts by itself from time to time. Why? How do I make that go away?

Restarts or repowers itself? If latter then your power supply maybe dying out (just got a new power supply for mine too, same thing happened with me.). If it only restarts (as in power isn't knocked out) then you may have a virus or your motherboard maybe shot but I am thinking it is the former (virus).

Could you give more details about the problem?

I sit with Compaq Presario from 1998 (sad) and Win XP Prof. When it is about to restart there is this thing that pops out and says (as I recall) some Authority System, process C/Windows system 321/lsass.exe status code 128 (blah blah). That is all that I know. I guess if there was a power shortage it would just shut down, or there wouldn't be a pop-up thing.

I've heard of that virus. My box doesn't show the proper symptoms. It restarts, really, from time to time. While if it were the virus it would do so as often as every 10 minutes.

I pray this thing functions till the semester ends!

Well there are old exploits for lsass.exe (Local Security Authority Service ).

I mentioned in the OS pinned thread that lsass.exe and Winlogon.exe work together in the sense that Winlogon deals with login/logoff and that lsass deals with authenticating the security level of the user (From either being at the machine or being at a remote).

[Note a Firewall can solve some instances of this and RPC restarts]

The old exploit was one that allowed someone to bufferoverflow through a constructed packet to make a system shut down (This is where the virus writers then started using those exploits).

Currently there is the Sasser worm which has spread quite alot, that creates a file in your task manager called isass.exe I believe.
http://www.sciforums.com/showthread.php?t=35827

I hope that aids you.

I bet for the virii also
especially because now sasser is on the loose
knocked out the british coastal guard, you know

edit: a firewall can secure it , if you block particular ports
I think they were TCP 135-139 and some four hundred, maybe 495-499
also you can get a patch from microsoft.com->downloads
or you can change your OS to Linux :p

Yup, virus it was. Many thanks.

You know, getting your beloved Linux would make me exert extra stress on my muscles and brain, and I highly doubt the adored Linux is perfect enough for that. :p Shortly, BITE ME.

ah, I didn't notice it was you who posted the thread, volk :D

Make sure you get all critical updates from Microsoft. If you don't, you're hanging up a sign on the internet that says "Rape me."

Dont update your XP drivers,especially Sounds Drivers...the updates Suck!


bye!

Restarts or repowers itself? If latter then your power supply maybe dying out (just got a new power supply for mine too, same thing happened with me.). If it only restarts (as in power isn't knocked out) then you may have a virus or your motherboard maybe shot but I am thinking it is the former (virus).

sort of off topic, but bad ram can cause some nasty restarts too (been there, done that) heh....

Cazov, I know, happened to me when I burned down my motherboard *and* partially ram

Ok, I admit I am a full idiot before you say anything. So I got rid of the virus, and then it said to get some other thing to prevent infection. I thought, well, since I can get rid of it, no biggie, I don't need that thing. So, naturally, I got the same problem again; and again. My computer is a little slow so it takes me 15-20 minutes to download KB835732, which is longer than what it takes for my comp to restart.
The joy is, it still restarts but says there is no virus. Does that mean a soon end? How soon? Besides all of that, it says it's low on virtual memory (I don't know what that is :( ).

you are running WinXP right?
go to my computer (rightclick) manage computer -> services
and disable the RPC service
that's the hole in os it's using to get in.
if lucky it should help
if not - ask your tech friend to bring everything needed to cure your os on a disc

Isn't the RPC a required service? I think windows might go batty without it.

edit: Virtual memory is the swap file windows uses in case you run out of regular memory. Most modern computers don't need to use it much, as most have mucho memory. Hit Ctrl-Alt-Del. This will bring up the task manager. It's got your system info on one of it's tabs. You can also find which process is using all your memory and shut it down.

more badly than restarting every 60seconds? :D
actually [I think!] it might result in some programs not functioning correctly when they want to connect to smthing (each other for example)
don't have winxp installed right now to check it
but in any case it would buy her time to get that windows patch!
then it can be turned on again

+I think virtual memory is misfunctioning because of low disk space or that's caused by that virii

Good point about disk space. How much do you have, Whitewolf? You never know, you might be hosting an IRC filesharing bot. :p

I've got over 1gb of space (out of initial 4. keep in mind the Roman mill that I have). That's a lot more than what I had before the problem started.
With internet, I've got lsasss.exe (a few, sometimes more or less), msn6.exe, stfmon.exe, tsystray.exe, atievxx.exe, spoolsv.exe, svchost.exe (a few), services. exe, winlogon.exe, scrss.exe, smss.exe, nkvmon.exe, system, system idle process. Doesn't look like anything unnecessary. After I logged on to internet, there was that restart window again but it disappeared. I think the pc gods began to favor me more.
more badly than restarting every 60seconds?
I'll wait for 3rd opinion on that one.

Check the memory usage of each process, also, check the performance tab as well, it has page file usage.

If you got the lsa shutdown window again, it sounds like you still got the worm.
http://vil.nai.com/images/125007.gif

http://vil.nai.com/images/125007b.gif
from here: http://msn.mcafee.com/virusInfo/default.asp?id=description&virus_k=125007

Here's the Microsoft page on sasser: http://www.microsoft.com/security/incident/sasser.asp?

Do you have a firewall? Are you using the XP Firewall? On the microsoft page, it says that these most likely will prevent infection. If this doesn't work, I'd go ahead and try disabling rpc anyway. It might allow you to download the update. If it doesn't work, you can alway reenable it (hopefully). Either that or get a friend to download the update and carry it to your computer.

Me personally, I'd reinstall. Enable the windows firewall before logging on to the net. And keep your fingers crossed. I hate even the idea that I might have missed something. Of course, I reinstall often to keep the system neat and tidy.

So, you're on dial-up? Sounds like everyone needs a firewall these days. Even dial-up's are getting tagged.

edit: By the way, you should be fine for hard drive space. Check your page file usage with task manager.

I think my neighbor got hit by this thing like 6 months ago. Wonder when Sasser first appeared. Didn't have a clue what it was at the time. I never saw the shutdown window, but by his description it sounded like the second picture above.

Just found this from microsoft:

Create a file called %systemroot%\debug\dcpromo.log and make the file read-only. To do this, type the following command:

echo dcpromo >%systemroot%\debug\dcpromo.log & attrib +r %systemroot%\debug\dcpromo.log

Note This is the most effective mitigation technique as it completely mitigates this vulnerability by causing the vulnerable code to never be executed. This work-around will work for packets sent to any vulnerable port.
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Note, you will still need to remove the worm if you have been infected. And this vulnerability also allows people to set up accounts and software on your computer. So you'll need to check for these as well.