RE: worm related?
asm_at_iname.com
Date: 08/14/03
- Next message: Nicholas: "Re: blasterworm"
- Previous message: Testy: "Re: Why does windows suck?>"
- In reply to: Curtis Koenig [MSFT]: "RE: worm related?"
- Next in thread: Curtis Koenig [MSFT]: "RE: worm related?"
- Reply: Curtis Koenig [MSFT]: "RE: worm related?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Aug 2003 15:24:49 -0700
Curtis,
Many thanks for your answer to my post.
Your suggestion about removing c:\windows\system32
\prefetch\msblast*.pf seems to have been a step forward
after hours of getting nowhere. Now my taskbar is at least
showing up (although it's just a sliver along the bottom
of the screen - I can right click on it and change
toolbars setting to cause it to pop up, however, iconified
apps do not show up in it, so still not quite right). My
really long boot up time is still continuing and the rpc
service still refuses to start with "Error 1058: The
service cannot be started, either because it is disabled
or because it has no enabled devices associated with it".
Unfortunately, in the Services tool, I try to select
properties from the right-click menu and nothing happens.
I suspect this is since the rpc service (or some other
critical piece of windows) isn't running, so things like
copy and paste don't work and some other right-click menu
things - like properties in the Services tool.
The Cryptographic Service still refuses to start
with "Error 1068: The dependency service or group failed
to start". This means I still can't apply the patch (which
I have on a floppy since I can't connect to the net with
my XP machine). The patch continues to give me "KB823980
Setup Error : Setup could not verify the integrity of the
file Update.inf. Make sure the Cryptographic service is
running on this computer."
I suspect the Cryptographic Service has a dependency on
the rpc service. Does this make sense, and if so, got any
ideas on how to get the rpc service started? The long boot
up time is a behavior which is different after having been
hit three times with the rpc shutdown on Monday night, so
there may still be something lurking (like the prefetch -
thanks again) of which I am not aware.
Still hoping for help - and thanks for your attention -
Andrew
>-----Original Message-----
>Hi ASM and Dave,
>Here are some article to help with the crypto problem and
below that I am
>posting the procedure for removing the worm that are
being used at this
>time.
>
>Crypto articles:
>The article that describes how to fix this for Windows XP
is:
>326815 "Setup Could Not Verify the Integrity of the File"
Error Message
>Occurs
>http://support.microsoft.com/?id=326815
>
>For Windows 2000
>281458 Error Message When You Install a Windows 2000
Service Pack or Product
>http://support.microsoft.com/?id=281458
>
>Worm Removal:
>You can use these steps yourself if you are comfortable
working in your
>registry:
>
>1. Remove the infected computer from the network and
reboot into Safe Mode.
>
>2. Locate the files below, plus the Value "windows auto
update" under the
>Run registry key and deleted them all:
>
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run
>
>MSBLAST.EXE under the "C:\Windows\system32" folder
>
>MSBLAST.EXE-1c3a3376.PIF under the "C:\Windows\prefetch"
folder
>
>2a. If you are running Windows XP (any version) it is
also recommended that
>the Internet Connection Firewall be enabled to prevent
re-infection when
>connecting to the internet.
>
>3.Contact your Antivirus provider for assistance in using
any removal tools
>they are providing or you can use one that Symantec is
providing.
>Symantec's Removal tool
><http://securityresponse.symantec.com/avcenter/venc/data/w
32.blaster.worm.re
>moval.tool.html>.
>
>4. If the OS continues to shut down when trying to
connect to
>http://www.microsoft.com/technet/security/bulletin/MS03-
026.asp, with the
>dialog box stating the OS will be shutting down in 30
seconds.
>
>Set the RPC Service to "Take No Action" and reboot, this
should allow you
>to download the patch and install it.
>
>Disclaimer:
>While this may remove the worm in the short term it is
advisable to backup
>any data and then format and reinstall the computer. Once
infected by a
>virus, worm or other malicious program it is not possible
to verify that
>another program that could compromise the system has not
been left by the
>original infection.
>
>Third party products mentioned in this posting are the
sole responsobility
>of the vendor providing them and in no way should this be
considered an
>endoresement by Microsoft.
>
>
>--
>Curtis Koenig
>Support Professional
>Microsoft Clustering Technologies Support
>MCSA, MCSAS,MCSE, MCSES
>
>This posting is provided "AS IS" with no warranties and
confers no rights.
>Please reply to the newsgroup so that others may
benefit. Thanks!
>--------------------
>>Sender: <asm@iname.com>
>>References: <023d01c361d2$9282add0$a601280a@phx.gbl>
>>Subject: worm related?
>>Date: Wed, 13 Aug 2003 13:13:21 -0700
>>
>>I'm running XP Pro and have the same problem with no
task
>>bar and extremely long boot up times after being hit
with
>>the RPC shutdown thing 3 times on Monday night (haven't
>>been able to get back onto the net since).
>>
>>When I try to apply the patch I get an error about no
>>Cryptographic service running. When I try to start the
>>Cryptographic services I get:
>>Error 1068: The dependency service or group failed to
>>start.
>>
>>Hope to find a breakthrough on here at some point. I
think
>>the 'simple fix' about msblaster.exe and the registry
only
>>covers some of the people.
>>
>>>-----Original Message-----
>>>mine does this too. It also does not display the start
>>>button/tool bar and some of the services in the
>>>administration tools do not start and I can not start
>>them
>>>manually. What is up?
>>>.
>>>
>>
>
>.
>
- Next message: Nicholas: "Re: blasterworm"
- Previous message: Testy: "Re: Why does windows suck?>"
- In reply to: Curtis Koenig [MSFT]: "RE: worm related?"
- Next in thread: Curtis Koenig [MSFT]: "RE: worm related?"
- Reply: Curtis Koenig [MSFT]: "RE: worm related?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
