Blaster worm behaviors once I loaded MSN Messenger 6.2

K

Keith-Earl

I have XP Pro SP2 installed. Shortly after I installed MSN Messenger 6.2 I
began to get the familiar "Services and Controller app" dialog that asks me
to send the report to MS. I do each time. As soon as I press "Send Report"
I get the "System Shutdown" dialog with the messgage
"The system is shutting down. Please save...<omit verbiage> initiated by NT
AUTHORITY\SYSTEM"

-and-

"The system process ...services.exe terminated unexpectedly with a return
code of -1."

What gives? I am patched for Blaster and direvitives and even ran
"BlasterFix.exe". It said all clear. There were no suspicious registry
entries.

This started after MSN Mgr 6.2 was added. I saw lots of posts but no
resolutions. Also, MSN Mgr 7 Beta was attacked as well.

Please advise.
 
D

David H. Lipman

| I have XP Pro SP2 installed. Shortly after I installed MSN Messenger 6.2 I
| began to get the familiar "Services and Controller app" dialog that asks me
| to send the report to MS. I do each time. As soon as I press "Send Report"
| I get the "System Shutdown" dialog with the messgage
| "The system is shutting down. Please save...<omit verbiage> initiated by NT
| AUTHORITY\SYSTEM"
|
| -and-
|
| "The system process ...services.exe terminated unexpectedly with a return
| code of -1."
|
| What gives? I am patched for Blaster and direvitives and even ran
| "BlasterFix.exe". It said all clear. There were no suspicious registry
| entries.
|
| This started after MSN Mgr 6.2 was added. I saw lots of posts but no
| resolutions. Also, MSN Mgr 7 Beta was attacked as well.
|
| Please advise.

A system shutown message is NOT always indicative of the Lovsan/Blaster and you have not
provided the information that makes it a RPC/RPCSS exploitation issue.
 
K

Keith-Earl

David,

Sorry, I do not understand this part
"you have not provided the information that makes it a RPC/RPCSS
exploitation issue."

What other info do you need? What should I do to debug this condition?

Thanks,

Keith
 
D

David H. Lipman

| David,
|
| Sorry, I do not understand this part
| "you have not provided the information that makes it a RPC/RPCSS
| exploitation issue."
|
| What other info do you need? What should I do to debug this condition?
|
| Thanks,
|
| Keith


Supply the EXACT words in the error message and/or shutdown window.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

[Update] Messenger Plus! Extension v3.50.124 4
Help! Explorer.exe crashing due to fault in shell32.dll. 9
HELP! Explorer.exe crashing because of shell32.dll! 16

Top