NT Authority\Security Problem


Richard

I've recently installed Windows XP on a Dell computer and
everything was working well. Recently, when connected to
the internet (9 minutes) I receive a message that the
system has encountered a problem and will be shutting
down. The message received talks about an NT
Authority\Security problem.

Does anyone have a suggestion as to where I need to go
and what I should do?

Thank you!
 

This is a virus called w32.Blaster.Worm

Patch from Microsoft:
http://tinyurl.com/h84v
More info from MS:
www.microsoft.com/security/incident/blast.asp

-------------------------------

From Symantec Security Response for the virus
w32.Blaster.Worm:
http://tinyurl.com/jozm

-------------------------------

From Kelly - MVP:
Close Windows Explorer, End Process in the Task Manager
for msblast.exe, run
the edit on line 257 then run the patch listed below it:
http://www.kellys-korner-xp.com/xp_tweaks.htm

Windows XP Security Patch: Buffer Overrun In RPC Interface
Could Allow Code
Execution: http://tinyurl.com/ir5h

More information here:
www.kellys-korner-xp.com/xp_qr.htm#rpc

-------------------------------

Install a firewall (software like or hardware like router)
to help prevent future similar issues.

Most users will be using the 32 bit edition of WinXP Home
and Pro.


Hope this helps!

Gary Thorn
MVP-Windows Technologies/Xbox
Associate Expert


More about the Windows XP Expert Zone:


More about the MS MVP Program:
http://tinyurl.com/n08
 
Thanks for looking around a little before posting ;)

"Go Offline after you download the patch and either print this info or copy
and paste it to word patch"

MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980

Enable the Windows XP Firewall
https://www.microsoft.com/technet/t...nol/winxppro/proddocs/hnw_enable_firewall.asp

More info about the worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Test your system
https://grc.com/x/portprobe=135
 
I've just had this virus (and I was about to wipe
everything cus I thought my pc was fcuked!!). Anyway, make
sure you install the patch as well as use the tool, as I
removed the virus and got it again moments later!!
 
I have the same problem as well. I have a feeling it's
related to the Blaster worm that everyone keeps
mentioning, but how can you apply a fix/patch, when the pc
informs you it is shutting down in 60 seconds?????
 
Hi Chuck - Your specific ans below. Courtesy of Colin M. McGroarty with
some additions by me:

You can get more info about the worm here:
http://isc.sans.org/diary.html?date=2003-08-11

and here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Complete directions for fixing this can be found here:
http://www.bigblackglasses.com/Article.aspx?Article=342,
and here: http://www.kellys-korner-xp.com/xp_qr.htm#rpc USE THESE BY
PREFERENCE. There are "fix" scripts available at both sites.

Also, a stand-alone removal tool, Stinger, from McAfee, has been updated to
handle this as one of the 26 things it fixes. Available here:
http://vil.nai.com/vil/stinger/ Be sure that you get the patch installed
though.

and another from CA here: http://www3.ca.com/virusinfo/virus.aspx?ID=36265

but, if you can't get there because of the shutdown, then:


"URLs may wrap

Easy, but annoying fix. When your computer starts go to the services applet
found in administrative tools. Select properties for the RPC or Remote
Procedure Call service. Change the Recovery from "Restart Computer" to
"Restart Service." Now your PC will stay up long enough to fix.

Next download the Microsoft Patch found at:

http://www.microsoft.com/downloads/search.aspx?displaylang=en

The patch is currently in the top download choices for both Win 2K and Win
XP. Choose accordingly and download.

Once the patch is installed make sure to do a full virus scan with current
virus definitions.
See Symantec's web page

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Once the worm has been eliminated I recommend running Windows Update to get
all the current critical updates.
Lastly, change the RPC service back to "Restart Computer" as the recovery
method (or Take No Action for Win2k = jrb).

Hope this helps,


Colin M. McGroarty
MCP+I, MCSE, NT-CIP

(e-mail address removed)
www.McGroarty.org"



--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
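
The recovery-setting steps quoted in the post above can also be done from a command prompt; the script below is an added example, not something posted in the thread. It assumes sc.exe is available, an administrator prompt, the service short name RpcSs for Remote Procedure Call, and constructed values for the reset period and delays.

```batch
@echo off
setlocal
rem Added example: switch the RPC service recovery action before the clean-up
rem and put it back afterwards. First argument: show, before, after or after-w2k.
rem Assumed values: 86400 s failure-count reset period, 60000 ms delay per action.
set SVC=RpcSs

if /I "%~1"=="show"      goto show
if /I "%~1"=="before"    goto before
if /I "%~1"=="after"     goto after
if /I "%~1"=="after-w2k" goto afterw2k
echo Usage: %~nx0 show ^| before ^| after ^| after-w2k
exit /b 1

:before
rem "Restart the Service" for the first, second and subsequent failures, so an
rem RPC crash no longer starts the 60-second shutdown while the patch is applied.
sc failure %SVC% reset= 86400 actions= restart/60000/restart/60000/restart/60000
goto check

:after
rem Back to "Restart the Computer" once the patch is installed and the scan is clean.
sc failure %SVC% reset= 86400 actions= reboot/60000/reboot/60000/reboot/60000
goto check

:afterw2k
rem "Take No Action", the setting the post gives for Windows 2000.
sc failure %SVC% reset= 86400 actions= ""
goto check

:check
if errorlevel 1 (
  echo sc failure did not succeed. Check that this prompt has administrator rights.
  exit /b 1
)

:show
rem Print the recovery actions now in effect so the change can be confirmed.
sc qfailure %SVC%
exit /b %errorlevel%
```

The space after each `=` in the sc arguments is required by sc.exe.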


