0
   

I'm not qualified to be here but I would appreciate help

 
 
Reply Mon 11 Aug, 2003 05:20 pm
This may be disjointed. That is at the crux of my problem.

I can log on to my computer but, whatever site I'm on, after a couple of minutes, I get a pop-up saying that, and this is the full quote:

(oops, it just popped up, agin. In 20 seconds, I' gone
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 0 • Views: 2,241 • Replies: 19
No top replies

 
Craven de Kere
 
  1  
Reply Mon 11 Aug, 2003 05:21 pm
Is that the text? Please come back and re-post it.
0 Replies
 
realjohnboy
 
  1  
Reply Mon 11 Aug, 2003 05:27 pm
Thanks, Craven...I beat the clock by a micro-second. Here is the full text:

This system is shutting down. Pls save all work in progess and log off...
back in a sec
0 Replies
 
fishin
 
  1  
Reply Mon 11 Aug, 2003 05:31 pm
Hmmm.. Sounds like someone is playing with the latest Windows RPC Vulnerability....
0 Replies
 
Craven de Kere
 
  2  
Reply Mon 11 Aug, 2003 05:40 pm
It does indeed sound that way. Update your Anti Virus Program, Update your OS and turn on a firewall (because this exploit opens some ports for attacks).

Murray S posted a great thread about this: W32.Blaster.Worm
0 Replies
 
realjohnboy
 
  1  
Reply Mon 11 Aug, 2003 05:51 pm
The full message is- if I can get it in: This system is shuttting down. Please save all work in progress and log off. Any unsaved changes will be lost. The shutdown was initiated by NT AUTHORITY/SYSTEM.
Message: Windows must now restart because the Remote Procedure Call RPC) service terminated unexpectedly.
0 Replies
 
Craven de Kere
 
  1  
Reply Mon 11 Aug, 2003 05:55 pm
Then it's pretty certain that you have the virus Murray warned about. In his thread there is a plethora of advice.

He gave two links that contain removal instructions:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

and

http://vil.nai.com/vil/content/v_100547.htm
0 Replies
 
realjohnboy
 
  1  
Reply Mon 11 Aug, 2003 06:29 pm
Thanks. I've got no idea what y'all are talking about but I sure that one of the kids doing yardwork on the property will. -rjb-
0 Replies
 
MurrayS
 
  1  
Reply Mon 11 Aug, 2003 06:55 pm
Real Nasty Virus
Howdy RJB:

What it means is that you got bit by a REAL nasty virus..

The links Craven gave you are a couple of av sites with removal instructions as well as how to update Windows/IE so it doesn't get you again !!

Murray
0 Replies
 
realjohnboy
 
  1  
Reply Mon 11 Aug, 2003 07:10 pm
One final stupid question. How can one go through the removal process when the virus keeps turning off the computer?
0 Replies
 
MurrayS
 
  1  
Reply Mon 11 Aug, 2003 07:39 pm
Need This First
Get the following first.. you should be able to stay on long enough to get it.. install it next time on..

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

Murray
0 Replies
 
MurrayS
 
  1  
Reply Mon 11 Aug, 2003 08:23 pm
Quick Patch
RJB:

If the machine can boot at all do this quick patch:

Do this in Safe Mode !!

(Do not access the Internet yet)

First open task manager, find and end the process 'msblast.exe'

Second, delete the registry key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Find the value windows auto update
if its value in the right panel is C:\windows\system32\msblast.exe delete the key.

Finally, delete the file c:\windows\system32\msblast.exe

reboot.

Murray
0 Replies
 
Craven de Kere
 
  1  
Reply Tue 12 Aug, 2003 12:49 pm
Here is the full write-up with removal instructions. Print them out:

MSBlast W32.Blaster.Worm :: history and removal instructions
0 Replies
 
realjohnboy
 
  1  
Reply Tue 12 Aug, 2003 05:30 pm
Thanks. I printed and one of the kids doing my yardwork should be able to figure it out. -johnboy-
0 Replies
 
Craven de Kere
 
  1  
Reply Tue 12 Aug, 2003 06:20 pm
You might want to keep the URL off the thread too because it has a link to a removal tool that you'll want to download.

But really, you should try to do this yourself:

Just down load this program to a place that you will remember (e.g. your desktop):

http://securityresponse.symantec.com/avcenter/FixBlast.exe

Then go offline and run the program. Then get backonline and update your antivirus deffinitions and then do a full scan.

That's the bulk of it and the rest is just to be sure.
0 Replies
 
realjohnboy
 
  1  
Reply Wed 13 Aug, 2003 05:56 pm
Craven: I printed out your nine page article on Blaster. It was quite interesting although, of course, most of it went over my head.
Believe it or not there are a few things that I am very good at. Computers are not one.
So I ran the Symantec fix this afternoon. Three times. It takes 8 minutes. I got the message that "W32...has been successfully removed!" But five minutes later it was back.
I have never downloaded programs nor do I open attachments to e-mails from strangers. So where is it lurking? IT''S BACK!!!
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 13 Aug, 2003 05:59 pm
Follow the manual instructions. Read them and get links to some of the steps and print them (e.g. turning off system restore).

It should not be too difficult to complete the manual steps as long as you read everything first and pay attention to each step.
0 Replies
 
USAFHokie
 
  1  
Reply Thu 14 Aug, 2003 10:01 am
Many viruses make backup copies of themselves and hide in other directories... They run another process that checks for the main copy, if it's missing.... they recopy themselves to remain working. so your best bet is to find ALL instances of the registry keys and delete them... and to find ALL files that exectue the worm and remove those as well.

It's also possible that someone has installed a trojan on your machine and can control it remotely....
0 Replies
 
MurrayS
 
  1  
Reply Thu 14 Aug, 2003 02:26 pm
Not a Virus
USAF:

This was a worm NOT a virus and it behaves a tad differently.. Doen't attach to other files.. keeps to itself and simply reeks havoc on whatever system it gets into !!

Murray
0 Replies
 
roger
 
  1  
Reply Thu 14 Aug, 2003 02:31 pm
For what it's worth Murray, I was not able to find msblaster in tasks. To shorten the time involved, I first enabled the XP firewall as you mentioned elsewhere. In desperation, I made the Symantic URL a favorite to save another few seconds. Time to complete the dial up connection varied from one attempt to another, but I was ultimately successful.

Maybe some of these stunts will help someone else.
0 Replies
 
 

Related Topics

YouTube Is Doomed - Discussion by Shapeless
So I just joined Facebook.... - Discussion by DrewDad
Internet disinformation overload - Discussion by rosborne979
Participatory Democracy Online - Discussion by wandeljw
OpenDNS and net neutrality - Question by Butrflynet
Internet Explorer 8? - Question by Pitter
 
  1. Forums
  2. » I'm not qualified to be here but I would appreciate help
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.08 seconds on 12/06/2024 at 01:57:14