Re: NT Authorization (60 second shut down)
From: Ruab (Ruab_at_discussions.microsoft.com)
Date: 06/29/04
- In reply to: Bruce Chambers: "Re: NT Authorization (60 second shut down)"
Date: Tue, 29 Jun 2004 08:55:28 -0700
It's definitely the Win32.MSBlaster virus, because I suffered from a similar problem.
Here are some steps you can take if you have Windows XP:
1>Temporarily turn off System Restore
2>Go to Services>Go to Remote Procedure Call (RPC). I quote it, don't go to RPC Locator
3>Have patches from WinUpdate site
4>Go to symantec.com, they have a very good tool to remove the Blaster virus.
5>To abort the NT Authorization: Start>Run>shutdown -a
6>Restore hosts file
I guess it would solve the problem, but I recommend going to the Symantec site & reading more about Win32.MSBlaster before taking any action.
Regards.
"Bruce Chambers" wrote:
> Greetings --
>
> As you haven't provided any specific details or error messages,
> the following is the result of having to guess what your problem might
> be. There are at least two possibilities:
>
> 1) If you connected the PC to the Internet without having first
> enabled a firewall, without having first installed an antivirus
> application with current virus definition files, and before installing
> the KB828471 Hotfix, you're very likely to get infected from any of
> the thousands of PCs on the Internet that are constantly broadcasting
> the Blaster and/or Welchia worms. It only takes a few seconds of
> exposure.
>
> To stay on-line long enough to get the necessary updates, patches,
> and removal tools, click Start > Run, and enter "shutdown -a" when the
> next RPC countdown begins. This will abort the shut down. Also, make
> sure you've enabled a firewall before starting, to preclude any more
> intrusions while getting the updates/patches/tools.
>
> MS04-012 Cumulative Update for Microsoft RPC-DCOM
> http://support.microsoft.com/default.aspx?scid=kb;en-us;828741
>
> What You Should Know About the Blaster Worm
> http://www.microsoft.com/security/incident/blast.asp
>
> W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
> http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
>
> W32.Blaster.Worm Removal Tool
> http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
>
> W32.Welchia.Worm a.k.a. W32/Nachi.Worm
> http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
>
> W32.Welchia.Worm Removal Tool
> http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
>
> McAfee AVERT Stinger
> http://us.mcafee.com/virusInfo/default.asp?id=stinger
>
>
> 2) You've apparently contracted the latest worm, W32.Sasser.Worm,
> specifically designed to attack people who do not update their
> computers promptly and who do not practice "safe hex." In other
> words, like Blaster, this worm was developed and distributed _after_ a
> patch for the vulnerability was announced and made publicly available.
> Further, and also like Blaster, this worm could not affect any
> computer whose user had taken the basic precaution of using a properly
> configured firewall.
>
> To stay on-line long enough to get the necessary updates, patches,
> and removal tools, click Start > Run, and enter "shutdown -a" when the
> next Shutdown countdown begins. This will abort the shut down. Also,
> make sure you've enabled a firewall before starting, to preclude any
> more intrusions while getting the updates/patches/tools.
>
> What You should Know about the Sasser Worm and its Variants
> http://www.microsoft.com/security/incident/sasser.asp
>
> Microsoft Security Bulletin MS04-011
> http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
>
> W32.Sasser.Worm
> http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html
>
> A tool is available to remove the Sasser worm variants
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720
>
> W32.Sasser.Worm Removal Tool
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html
>
> McAfee AVert Stinger Virus Removal Tool
> http://vil.nai.com/vil/stinger/
>
>
> Bruce Chambers
> --
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> You can have peace. Or you can have freedom. Don't ever count on
> having both at once. - RAH
>
>
> "Vallery" <anonymous@discussions.microsoft.com> wrote in message
> news:22d8401c45dd5$fb9f39f0$a401280a@phx.gbl...
> > Does anyone know how to get rid of this Virus that
> > restarts your computer every time you connect to the
> > internet?
> >
> > THANKS
>
>
>