Re: Problems after removing msblaster

26-10-2003, 01:37 AM   #1
Blaze


Well, somebody said I maybe had the 'nachi' worm and I must delete the
following:

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcPatch
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcTftpd
* C:\WINNT\SYSTEM32\WINS\DLLHOST.EXE (10,240 bytes)
* C:\WINNT\SYSTEM32\WINS\SVCHOST.EXE

I don't have any of these files or entries and now the PC's in a rebooting
loop even without logging on ???

my god is it possessed ??

because if I do an AV scan with the up-to-date version it detects no virus ??

any ideas people ?

thanks

"Microsoft" <hornickj@msn.com> wrote in message
news:2ikmb.14882$5c2.4774@okepread03...
> Have you looked for the RPC Services in the registry?
>
> They should be located in
> HKey_Local_Machine/System\CurrentControlSet\Services
>
> I think they were like RPCUpdater or something like that. You should only
> have RPCLocator & RPCSs.
>
> Joey Hornick
>
> "Blaze" <asfdaf@aff.com> wrote in message
> news:lwjmb.499$sP5.5054@newsfep4-glfd.server.ntli.net...
> > Hi
> >
> > I was having problems with my Office Programs... Excel wouldn't open, cut
> > and paste didn't work in Word.. etc
> > I found that I had msblaster on a few PCs
> >
> > I tried to install the MS patch and it failed because I needed SP2 or above
> >
> > I installed SP4 and removed the blaster.exe with the Norton fix exe
> >
> > I then applied the patch then I rebooted the PC
> >
> > I log on and the problem is that the PC reboots after a couple of seconds of
> > logging on ..over and over
> >
> > If I boot into safe mode the PC stays on, I have put on all the Windows
> > updates and yet it still reboots a few seconds after logging on normally
> >
> > I have searched to see if the blaster virus is still there yet it keeps
> > rebooting
> >
> > Any ideas ???
> >
> > thanks



26-10-2003, 03:58 AM   #2
dcdon

Blaze,

Let's do this where you get fixed, not add to any problem you may have.
Try an online scan from Symantec.
http://securityresponse.symantec.com/
After it is through, write all the information down.
The name of the virus, worm, and/or Trojan Horse is important.
With the name of the vermites, place them in a google search and look for the virii, one at a
time.
When you find a Symantec Fix Procedure. I did not say a "Fix" tool. Virus protection software
IS NOT like getting a shot. There IS NO instant fix. Some CURES are complicated. If not done
complete them in the exact order, you will NOT fix the problem. The keys you show may or may
not need attention, but one thing for sure, when you change the registry, you can get to a
place of FORMATTING real fast, if not backed up properly. When you edit the regedit.exe (not
REGEDT32.EXE), it is really easy to "export" a particular key, usually you would leave them on
the desktop (maybe in a folder) with a small notepad (.txt) file to remember exactly what the
keys are from and for what. Believe me, a little of doing this can save you a whole lot of
misery later.

I do at this time highly suggest you get and use the following:
A good AVP (with current definitions) (run a virus check, once per day right now)
A good firewall (hardware [router] or software) like Zone Alarm (and use it properly)
A privacy program (Ad-aware)
An anti-malware program(SpyBot-S&D)(be careful to learn this program) it can case damage like
deleting and executable for CD burners.
All have a free version at www.spychecker.com

This may all seem to be too much, but when you get rigged up, and have others tell you of
their misery, while you are purring like a kitten, you will be happy.

Please believe me,
don
-------------
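
A read-only check for the indicators Blaze lists, combined with the export-before-edit habit dcdon describes, as an added example that is not part of any post in the thread. The backup folder and notes file names are assumptions, and the script deletes nothing.

```powershell
# Added example, not from the thread. Keys and paths are the ones quoted in the
# posts; the backup folder and notes file are assumptions. Nothing is deleted.
$serviceKeys = @(
    'HKLM\SYSTEM\CurrentControlSet\Services\RpcPatch',
    'HKLM\SYSTEM\CurrentControlSet\Services\RpcTftpd'
)
$files = @(
    @{ Path = 'C:\WINNT\SYSTEM32\WINS\DLLHOST.EXE'; Size = 10240 },  # size quoted in the post
    @{ Path = 'C:\WINNT\SYSTEM32\WINS\SVCHOST.EXE'; Size = $null }   # no size given
)
$backupDir = Join-Path $env:USERPROFILE 'Desktop\registry-backup'    # assumed location
$notes     = Join-Path $backupDir 'notes.txt'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$report = @(foreach ($key in $serviceKeys) {
    $present = Test-Path -LiteralPath ('Registry::' + ($key -replace '^HKLM', 'HKEY_LOCAL_MACHINE'))
    $detail  = ''
    if ($present) {
        # Export the key before it is edited or removed, and record what it was for.
        $detail = Join-Path $backupDir (($key -split '\\')[-1] + '.reg')
        & reg.exe export $key $detail /y | Out-Null
        if ($LASTEXITCODE -ne 0) { $detail = 'export failed' }
        Add-Content -Path $notes -Value "$(Get-Date -Format s)  $key  ->  $detail"
    }
    [pscustomobject]@{ Indicator = $key; Present = $present; Detail = $detail }
})

$report += @(foreach ($f in $files) {
    $item   = Get-Item -LiteralPath $f.Path -Force -ErrorAction SilentlyContinue
    $detail = ''
    if ($item) {
        # Record size, timestamp and hash so the file can be identified later.
        $hash   = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        $detail = "$($item.Length) bytes, modified $($item.LastWriteTime.ToString('s')), SHA256 $hash"
        if ($f.Size -and $item.Length -eq $f.Size) { $detail += ' (size matches the post)' }
    }
    [pscustomobject]@{ Indicator = $f.Path; Present = [bool]$item; Detail = $detail }
})

$report | Format-List
if (-not ($report | Where-Object Present)) {
    'None of the listed indicators are present on this machine.'
}
```

Run it from an administrator session; the thread notes the machine stays up in safe mode, which is where a check like this can complete.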

26-10-2003, 04:05 AM   #3
dcdon

case = cause

26-10-2003, 04:08 AM   #4
dcdon


dang, why don't I do a spell check properly
sorry
....deleting and... = deleting AN executabl...

don
;-(

26-10-2003, 05:00 AM   #5
Ka Khiong Kwok

I've seen this happen in the field. This was one of the reasons why I want
to do really nasty things to the guy that wrote the virus. What might've
happened is that the virus has infected a file, probably nn.dll (or
something like that), and the infected file got removed.

I haven't had much chance to follow up on it yet but I think the file in
question is actually related to Network neighbourhood, so the instant your
system tries to boot up and access network components, well hasta la vista
babe.

If you've got some sort of systems image, I'd advise that you try and
recover using that. Otherwise, you can always try and copy a good version of the
file back.

I'm assuming you're running Win 2000 Pro here.

Have a nice one,

Ka.