R
rob
After connection to the internet, message
NT AUTHORITY\SYSTEM
remote procedure call(rpc)
is closing the system down?
NT AUTHORITY\SYSTEM
remote procedure call(rpc)
is closing the system down?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
G
Gordon
rob said:After connection to the internet, message
NT AUTHORITY\SYSTEM
remote procedure call(rpc)
is closing the system down?
Did you try the "Search" function? You'll get at LEAST 15 posts........
G
Guest
Your computer is now infected with the W32.Blaster.Worm or
one of its variants. This happened because you have not
been using an internet connection firewall and have
apparently neglected to install the critical updates
available at the Windows Update website.
-----------------------------------------------------------
-------
If your computer is constantly attempting to shutdown
or reboot, quickly go to:
Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.
Then type: shutdown -a , and hit enter.
This should halt the rebooting problem.
-----------------------------------------------------------
-------
Then immediately turn-on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/
(To enable the built-in firewall, go to:
Control Panel, double-click Networking and Internet
Connections, then click Network Connections. Right-click
your connection, then
Click Properties, and on the Advanced tab, click the option
"Protect my computer and network..." Note: the built in
firewall only monitors incoming traffic not outgoing (ie
spyware, trojans, etc.. you may have on your system).)
Special note if you use AOL:
America Online installs its own connection settings that
override
the ones that come with Windows XP. America Online's
connection settings don't include a way to turn on Windows
XP's
built-in firewall.
What You Should Know About the Blaster Worm and Its
Variants
http://www.microsoft.com/security/incident/blast.asp
A tool is available to remove Blaster worm and Nachi worm
infections from computers
that are running Windows 2000 or Windows XP
http://support.microsoft.com/?kbid=833330
A security issue has been identified that could allow an
attacker to
remotely compromise a computer running Microsoft Windows
and
gain complete control over it. You can help protect your
computer
by installing this update from Microsoft.
http://www.microsoft.com/downloads/details.aspx?
FamilyId=2354406C-C5B6-44AC-9532-
3DE40F69C074&displaylang=en
Above courtesy of MVP Carey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
***Install a good firewall. ZoneAlarm is a free one you
can install.
Install a good anti-virus program making sure you keep
it's definitions up to date! ***
- - - - - - - - - - - - -
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
Protect Your PC
http://www.microsoft.com/security/protect/default.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32
..welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm
..removal.tool.html
Also by posting a real and not fuddged email address you
are opening yourself to virus ridden emails. The Swen
Virus (swen is news spelled backwards) harvests emails
from newsgroups and send infected messages to you.
one of its variants. This happened because you have not
been using an internet connection firewall and have
apparently neglected to install the critical updates
available at the Windows Update website.
-----------------------------------------------------------
-------
If your computer is constantly attempting to shutdown
or reboot, quickly go to:
Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.
Then type: shutdown -a , and hit enter.
This should halt the rebooting problem.
-----------------------------------------------------------
-------
Then immediately turn-on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/
(To enable the built-in firewall, go to:
Control Panel, double-click Networking and Internet
Connections, then click Network Connections. Right-click
your connection, then
Click Properties, and on the Advanced tab, click the option
"Protect my computer and network..." Note: the built in
firewall only monitors incoming traffic not outgoing (ie
spyware, trojans, etc.. you may have on your system).)
Special note if you use AOL:
America Online installs its own connection settings that
override
the ones that come with Windows XP. America Online's
connection settings don't include a way to turn on Windows
XP's
built-in firewall.
What You Should Know About the Blaster Worm and Its
Variants
http://www.microsoft.com/security/incident/blast.asp
A tool is available to remove Blaster worm and Nachi worm
infections from computers
that are running Windows 2000 or Windows XP
http://support.microsoft.com/?kbid=833330
A security issue has been identified that could allow an
attacker to
remotely compromise a computer running Microsoft Windows
and
gain complete control over it. You can help protect your
computer
by installing this update from Microsoft.
http://www.microsoft.com/downloads/details.aspx?
FamilyId=2354406C-C5B6-44AC-9532-
3DE40F69C074&displaylang=en
Above courtesy of MVP Carey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
***Install a good firewall. ZoneAlarm is a free one you
can install.
Install a good anti-virus program making sure you keep
it's definitions up to date! ***
- - - - - - - - - - - - -
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
Protect Your PC
http://www.microsoft.com/security/protect/default.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32
..welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm
..removal.tool.html
Also by posting a real and not fuddged email address you
are opening yourself to virus ridden emails. The Swen
Virus (swen is news spelled backwards) harvests emails
from newsgroups and send infected messages to you.
R
Rick \Nutcase\ Rogers
Hi Rob,
When the shutdown warning appears, click start/run and enter "shutdown -a"
to halt the process. It's a virus called blaster or lovesan. Information:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.pchell.com/virus/msblast.shtml
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342
You need the patch described here to protect against it:
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146
Problem is, you needed to install the patch BEFORE you got infected to avoid
it.
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
When the shutdown warning appears, click start/run and enter "shutdown -a"
to halt the process. It's a virus called blaster or lovesan. Information:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.pchell.com/virus/msblast.shtml
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342
You need the patch described here to protect against it:
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146
Problem is, you needed to install the patch BEFORE you got infected to avoid
it.
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
B
Bruce Chambers
Greetings --
If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.
To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.
To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
G
Gary Tsang
Hi,
It appears your computer has been infected with the Blaster virus. For more
information and how to fix this please see follow this link:
http://www.microsoft.com/security/incident/blast.asp
http://www.microsoft.com/security/protect/main.asp
Microsoft Knowledge Base Article - 824146
A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs
http://support.microsoft.com/?kbid=824146
More information about this particular worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
Removal Information can be found here
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
It appears your computer has been infected with the Blaster virus. For more
information and how to fix this please see follow this link:
http://www.microsoft.com/security/incident/blast.asp
http://www.microsoft.com/security/protect/main.asp
Microsoft Knowledge Base Article - 824146
A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs
http://support.microsoft.com/?kbid=824146
More information about this particular worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
Removal Information can be found here
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.