Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

First NT Authority\System error and now RunDLL error


  • Please log in to reply
1 reply to this topic

#1 Process1977

Process1977

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 20 February 2009 - 11:10 PM

I think it's pretty clear that my issue is virus related. It all started yesterday when I was doing a virus scan I got the NT Authority\System error that cut my virus scan short. (shut down in 60 seconds, blah blah) The anti-virus programs I've used are Ad-Aware, Malwarebytes, Spybot, and McAfee. All found errors. Ad-aware continues to find that my Windows Security is disabled. I can't seem to get rid of that.

I should note that all of these anti-virus programs were being run in safe mode because I couldn't get any icons or toolbar on my desktop doing a normal boot. So, after I ran all of these and got pretty clean I tried to boot regularly. Now I'm getting the following:

a RUNDLL error: C:WINDOWS\xccdf16_090131a.dll
a message saying that CTF loader was shut down
another message about CTFMON
a DOS prompt window quickly appearing, then disappearing immediately followed by...
Blue Screen of Death with PAGE_FAULT_IN_NONPAGED_AREA

So then I go back into safe mode for more anti-virus work. As soon as I complete a virus scan I then get the same NT Authroity\System shutdown message that I've always been getting.

I'm doing all my research on a separate computer because I can't browse the internet, upload SuperAntiSpyware, nothing on the infected laptop. So I'm really at a loss here. Please help. Thanks.

Edited by Process1977, 20 February 2009 - 11:11 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:58 PM

Posted 20 February 2009 - 11:19 PM

The symptoms you describe could be symptomatic of a variety of things to include hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and even malware.

When doing a search on the net for Shutdown initiated by NT Authority\system, you will find thousands of complaints with various causes and possible solutions. What works for one person may not work for another.

Some rootkits have been found to be accompanied by BSOD's and various stop error/shutdown messages so a rootkit check should be performed. I recommend performing an anti-rootkit (ARK) scan with one of the following:Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernal/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users