XP Shutdown error-C:windows/system32/services.exe...

nooch511

I support an e-trading environment. One of my traders night trades his home PC. It runs 5 trading apps and a VPN client. After a couple hours his PC counts down from 60 seconds and shuts down. He gets this error:

"The system process C:windows/system32/services.exe terminated unexpectantly with status code -1 system will shut down and restart"

I have tried to find this status code -1 on knowledge bases and other forums. I find other similar errors pointing to malicious worms, viruses, etc.

I'm pretty sure the PC is able to handle this load, we build very powerful boxes for the traders and his night trading is pretty tame.

Any pointers here would help, Thanks

sthomas

Check for Spyware, Viruses, rootkits and uninstall all software the user does not use or need. Since this is a home PC I am guessing AOL, Netzero etc... could be installed. Then install Updates and delete temp files.

blackmage439

If the computer visually displays a countdown, that sounds like a worm; one coded to be more of a nuisance rather than one that destroys or steals data. Hopefully a virus scan can reveal something if I'm right...

Slowhand

Yup, definately a virus/worm variant or another piece of potentially unwanted software. Run that traders PC through all the virus scans and spyware scans you've got. My suggestion would be to take his hard drive out of his PC, hook it up as a secondary drive to another machine (or put it in an external enclosure) and scan it from that PC. (That way, none of the original PC's system files are active.) After that, put it back in the first machine, and run some virus and spyware scans on it locally. That should be enough to knock out any major viruses and spyware, at least enough so to back up all the data and get the machine reformatted, if it should come to that.

nooch511

Thanks guys.....we just handed this PC off to him 2 weeks ago and already he's mucked it up

Thanks!

Sie

As mentioned does sound like a worm or some form of virus check for things like reg entries for "c:\windows\system32\services.exe svchost...blah blah"

However dont rule out a failing service, anything helpful in the event log?

JDMurray

There are several services that Windows XP considers so important that it will reboot itself if the service hangs. The one that plagues me is lsass.exe occasionally hanging and forcing Windows XP to countdown and reboot. The services.exe host is simply used to run programs distributed as DLLs, and is a favorite tools of Windows virus writers. This service is necessary for Windows to run, so you can't disable or uninstall it. Your only option is to use a Malware or spyware scanner that finds and removes the problem.

drakhan2002

...and make sure you tell him that company provided machines are for business use only. Do you have a logon banner or something that states the machine is for business use only? You might need it should want to fire him for inappropriate use of the computer.

One of the risks you now have to face is because you've created a remote node by using a VPN, you might find your network being attacked by this malware. Hopefully you can fix this problem and move on. Good luck.

kenny504

Well......until the culprit is found.

When you see the 60 second countdown again. Simply open your command prompt and issue the command shutdown -a . That should abort the shutdown completely.

nooch511

I was just talking to him and he ran symantec, it found nothing. I was going to have him run a bunch of other spywares. He then tells me this happens when he allows the PC to go into standby. When he brings it out, thats when it happens. I don't know about any of you, but when I used to let my PC go into standby it was dragging and freezing something fierce not to mention all the app errors that would happen. It just can't be a good idea to let 5-6 heavy process burdening apps start back up at the same time when he brings the PC out of standby.

I think he gets the picture though about the use of the PC... it's his bread and butter, livelihood, etc. for him and our company. He's got a personal laptop to buy his shoes and purses on ebay with.

to be continued.

NPA24

Also check the event viewer of the pc. It will show exactly what time the pc shuts off and if it is a forced shutdown. If it's not a virus it could also be Windows Update. My pc is set to auto update and when it gets an update that needs a reboot it pops up a window with a countdown. You can easily turn this feature off by a registry setting to not allow a reboot.

Let me know if that is the cause.

Sie

From what you have said to me it sounds like a service is failing to 'come back to life' after the system has gone into standby.

As i mentioned above (and NPA24 has mentioned) look in the event logs and see if you can find what service is causing the problems.

Also check what services are running and investigate any that dont look familiar.