Help! Wierdest Windows Error Ever. Could Be Hax?
DOOManiac
Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
in Off-Topic
<div class="IPBDescription">Monse & other smartey pants, please help</div>I have never seen this error in my life or anything like it. Very very wierd.
I wasn't doing anything special outside of normal app usage (mirc, internet explorer). Only thing I've installed recently was the .NET 1.1 framework.
It just had the timer, and it just went and shut down Windows when it reached 0...
I'm quite concerned that this might be something more sinistar than the generic windows crash, especially considering that my box is extremely stable and hardly ever crashes. The error seems to have something to do with network, or something like that. Maybe its somebody on the cable modem network being naughty?
If anybody knows what this really is, please please please tell me.
I wasn't doing anything special outside of normal app usage (mirc, internet explorer). Only thing I've installed recently was the .NET 1.1 framework.
It just had the timer, and it just went and shut down Windows when it reached 0...
I'm quite concerned that this might be something more sinistar than the generic windows crash, especially considering that my box is extremely stable and hardly ever crashes. The error seems to have something to do with network, or something like that. Maybe its somebody on the cable modem network being naughty?
If anybody knows what this really is, please please please tell me.
Comments
So you sure its nothing to worry about?
chkdsk /R
at a cmd prompt, and when told this will run at next boot up, type Y and restart your box.
What is interesting is that the OS called the shutdown.exe command, rather than just telling itself to restart through a kernel command. Very interesting. Ordinarily that command is used as a simple cmdline way of restarting machines remotely, or automating reboots and log offs on Win2000/XP. I have this feeling I've seen this before though - gah, so late my brain refuses to function...
Did it shutdown, or reboot? If i wanted to **** with someone, i'd schedule an AT job and have it call the shutdown command with some bogus message making it sound official. processes under the scheduler run as System (aka root) by default... could take a gander at your scheduled tasks by going to a cmd prompt and typing:
AT
<!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->C:\Documents and Settings\DOOManiac>AT
There are no entries in the list.<!--c2--></td></tr></table><span class='postcolor'><!--ec2-->
I would not sweat this until it starts becoming a habit.
If you have WinXP but not SP1, then this is quite possibly someone sending the shutdown command to you remotely (they need to have your IP to do this). In any case, SP1 fixes it (SP1 = service pack 1)
I think it's something as ludicrously simple as net send shutdown.exe -s. I honestly don't exactly what/how/when/why/bah, but a couple of my mates were fooling around with it not long ago and I'm pretty sure SP1 was the fix.
If this is indeed what's happening, here's a possible example of what they're doing:
net send shutdown -m \\(your ip) -s -t 60 -c "Shutdown command initiated by elite hax0r. Phear, nub." (shuts down the machine after 60 seconds and displays the previous message.
However, combatting this is quite simple.
If you see the shutdown window appear, simply jump to a command prompt (type cmd or command into the Run box accessed from your start menu) and type 'shutdown -a' (minus the inverted commas).
Then quickly startup your firewall, or reset your modem connection to get another IP.
If it's one of your mates, club him over the head with your baseball bat, or other suitably hard object.
/Edit= Alright 1 more question, Whats Chkdsk /r do, I always use chkdsk /f
Seems like a straight forward windows "feature" to me.
/Edit= Alright 1 more question, Whats Chkdsk /r do, I always use chkdsk /f <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
Look, i tried. I thought about it, i am FIGHTING WITH MYSELF. MUST... NOT... POST... IMAGE...
<a href='http://www.unknownworlds.com/forums/uploads/post-10-1058514252.jpg' target='_blank'>AAAAAAAAAARRRRRRRRGGGGGGGGHHHHHHH</a>
/Edit= Alright 1 more question, Whats Chkdsk /r do, I always use chkdsk /f <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Look, i tried. I thought about it, i am FIGHTING WITH MYSELF. MUST... NOT... POST... IMAGE...
<a href='http://www.unknownworlds.com/forums/uploads/post-10-1058514252.jpg' target='_blank'>AAAAAAAAAARRRRRRRRGGGGGGGGHHHHHHH</a> <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
Even though I've seen that image before: rotfl <!--emo&:D--><img src='http://www.unknownworlds.com/forums/html/emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif'><!--endemo-->
/Edit= Alright 1 more question, Whats Chkdsk /r do, I always use chkdsk /f <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Look, i tried. I thought about it, i am FIGHTING WITH MYSELF. MUST... NOT... POST... IMAGE...
<a href='http://www.unknownworlds.com/forums/uploads/post-10-1058514252.jpg' target='_blank'>AAAAAAAAAARRRRRRRRGGGGGGGGHHHHHHH</a> <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
you had to do it didnt you!
you could just leave it alone!
/Edit= Alright 1 more question, Whats Chkdsk /r do, I always use chkdsk /f <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Look, i tried. I thought about it, i am FIGHTING WITH MYSELF. MUST... NOT... POST... IMAGE...
<a href='http://www.unknownworlds.com/forums/uploads/post-10-1058514252.jpg' target='_blank'>AAAAAAAAAARRRRRRRRGGGGGGGGHHHHHHH</a> <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
you had to do it didnt you!
you could just leave it alone! <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
Ya wouldn't let it lie!
/Edit= Alright 1 more question, Whats Chkdsk /r do, I always use chkdsk /f <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Look, i tried. I thought about it, i am FIGHTING WITH MYSELF. MUST... NOT... POST... IMAGE...
<a href='http://www.unknownworlds.com/forums/uploads/post-10-1058514252.jpg' target='_blank'>AAAAAAAAAARRRRRRRRGGGGGGGGHHHHHHH</a> <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
you had to do it didnt you!
you could just leave it alone! <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Ya wouldn't let it lie! <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
can you let it DIE!
As for firewalls...I have a hardware and software firewall, and I ALWAYS get the security patchs from windows update whenever they are released. Never had a single problem ^-^
It will only work against a remote machine when you have admin privleges on that machine.
It will list the operator credentials instead of 'NT System Authority' if used by another users.
And anyone who wanted to and had 1/2 a brain could use -f and -t 0 to make your PC reboot instantly with no way for you to abort <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo-->
There were 4 computers on down here in my basement, this happened to 2 of the computers at the exact same time.
I only use my administrator account(deleted all others) and it is passworded, I am also running Norton.
When the computers turned off then back on they both opened up with the message : "Windows cannot open this file: TFTP712" And asked me if I could open it with something else. I clicked "let me choose" on both computer but on both computers windows closed the dialog and opened up their website saying they cannot identify the extension.
Doing a search for TFTP712 on google the only link is <a href='http://212.69.208.63/pipermail/bnmlist/2001-September/007535.html' target='_blank'>this</a>, a discussion on a message board about files infected by the nimda virus. The path to the files was \inetpub\TFTP712 which suggests it has something to do with IIS(which I do not have running?)
MS Security Bulletin: <a href='http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp' target='_blank'>MS03-026</a>
Related Q Article/Patch: <a href='http://support.microsoft.com/?kbid=823980' target='_blank'>Q823980</a>