Re: Blaster

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 03/16/04


Date: Mon, 15 Mar 2004 19:57:40 -0500

When you get the shutdown message...

Go to; Start --> Run
enter; shutdown -a

This will halt the shutdown and give you a chance to Download the McAfee worm removal tool,
Stinger: http://vil.nai.com/vil/stinger/ or the Microsoft Lovsan/Blaster and Nachi/Welchia
Removal Tool
http://www.microsoft.com/downloads/details.aspx?FamilyId=E70A0D8B-FE98-493F-AD76-BF673A38B4CF&displaylang=en
and install the following patch for the RPC/RPCSS Buffer Overflow Vulnerability that is
addressed by Microsoft Security Bulletin MS03-39 http://support.microsoft.com/?kbid=824146

Please read: http://www.microsoft.com/security/incident/blast.asp

You also need a FireWall. If you don't patch the PC and don't use a FireWall then you will
just be re-infected.

I also suggest the installation of *ALL* MS Critical Updates ASAP.

Dave

BTW: If you post to UseNet with your TRUE, not a munged, email address then you have
invited the Swen Internet worm [aka; W32/Gibe-F] to visit you.

"Roger Wick" <r . w i c k @ c o mcast.net> wrote in message
news:eKQivCvCEHA.2600@TK2MSFTNGP12.phx.gbl...
| I think I have some variant of the blaster virus. I'm running Windows XP
| Home.
| I always said there was no virus that I couldn't remove from a computer,
| because if I had to I would format the hard drive. I think I met my
| Waterloo.
| Coming from a cold boot I got about 30 seconds before a window pops up that
| says Remote Procedure Call is closing down my computer. And then it counts
| down from 60 seconds and closes down. It will not allow me to go into
| administrative services and change the RPC. I double click on it and
| nothing happens. I have tried everything. Booted in safe mode, booted from
| a system disk, booted to my C: prompt. Whoever authored this virus covered
| all the bases.
| All I want to do at this point is format the hard drive. Any
| Suggestions??????????????????????????????
|
|


