NT Authority / System Shutdown

[Orville Bullitt]

What causes a shutdown that is initiated by BT Authority/system? My
operating system is Windows XP Home Edition. I clean my registry every night
with BOTH AceLogix Software "Registry Tuneup" and Ontrack's "System Suite."

Thanks in advance,
Orville Bullitt

 

[Bruce Chambers]

Greetings --

"Cleaning" the registry with automated software doesn't do a thing
to protect a PC from viruses or worms, although doing so does often
cause problems that could possibly be misinterpreted as viral
activity.

If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB824146 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Guest]

----- Orville Bullitt wrote: ----

What causes a shutdown that is initiated by BT Authority/system? M
operating system is Windows XP Home Edition. I clean my registry every nigh
with BOTH AceLogix Software "Registry Tuneup" and Ontrack's "System Suite.

Thanks in advance
Orville Bullit

This may or may not help, but are you utilizing remoate use? I have an univited RAS dialup alter my XP through the clone key available only on NT4(5). He actually took over and would not allow my system to operate properly. XP has virtual memory, that is never changed, even with system restore, the only fix I can suggest is not to clean the registry, but to enter safemode and delete the VALUE of each entry to "0". This hacker's program is very complex and difficult to obtain help resolving. My system was down 2 months and I actually had to purchase a new PC, his operating system runs so fast that before I could remove him from os, he blew the mother board and memory on my previous system. It's worth checking, his remote user information will be hidden, but if S-1.....is listed as a user in your registry, and you do not know who that refers to, it could be an univited RAS user. Good luck

 

[Unknown]

Your statement 'although doing so does often cause problems' is very
misleading and intimidating. There is only one case of a registry cleaner
causing a proble. And, that is if the user fails to set up the cleaner to
ignore the word 'help'. But there is a very easy fix for that. Why do you say
'often causes problems?????????

 

[Bruce Chambers]

Greetings --

Misleading? Not in my experience. Intimidating? I certainly
hope so; that was the point of the statement.

Having seen the results of inexperienced people using a variety
automated registry "cleaners" over the years, I can only advise to
everyone to avoid them all.

The only thing needed to safely clean the registry is knowledge
and Regedit.exe. If you lack the knowledge and experience to maintain
your registry by yourself, then you also lack the knowledge and
experience to safely configure and use any automated registry cleaner,
no matter how safe it claims to be.

I always use Regedit.exe. I trust my own experience and judgment
far more than I would any automated registry cleaner.



Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Declan Swan]

Orville Bullitt wrote:
<Snip virus bollocks>

Antivirus scan and disinfection:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

 

[Frank Saunders, MS-MVP IE/OE]

What causes a shutdown that is initiated by BT Authority/system? My
operating system is Windows XP Home Edition. I clean my registry
every night with BOTH AceLogix Software "Registry Tuneup" and
Ontrack's "System Suite."

Thanks in advance,
Orville Bullitt

Your system is infected by the MSBlaster Worm. This is causing the system to
shutdown abnormally.

From Ron Martel

Do steps 1 and 2 on your working computer.

1. Get the Blaster removal script from MVP Kelly Theriot's web site:
http://www.kellys-korner-xp.com/regs_edits/msblast.vbs
2. Get the Microsoft patch from
http://support.microsoft.com/default.aspx?scid=kb;en-us;823980#WinXP

Copy the downloaded files to a 3.5 inch diskette (they will both fit
on the same 1.44 mb diskette) or burn them to a CD

3. Disconnect the infected computer from the Internet. Unplug
Cable/DSL modem if you have one. That prevents reinfection during the
time interval between running the script and the completion of the
patch installation.
4. Run the script.
5. Install the patch.
6. Activate the Internet Connection Firewall in Windows XP
7. Reconnect to the Internet. Update your antivirus software and do
a complete scan.
8. Go to the Windows Update and get all repeat all of the critical
updates for your computer.

Good luck


Ron Martell Duncan B.C. Canada

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[SlAyEr]

<snip> Lucky you, its a worm and most likely you have the msblaster in your
win32 sub dir, just boot from a floopy disk

what kind of advise is that meant to be?

(e-mail address removed) explain yourself??

the op might have a million floppies to try and boot from but probably
doesnt realise his floppies with his naked wives pictures on wont work....

yr a ****ing arse arent you??? or a wanna be shit for brains??

regards slayer

--

if the following image offends then dont look at it...

/'_/)
,/_ /
/ /
/'_'/' '/'_'7,
/'/ / / /"
('( ' ' _~/
\ '
'\' \ _7
\ (
\ \.

ERROR 404 SIG NOT FOUND . END OF INSTRUCTION , PROGRAM FAILED TO

INITIALIZE. KILL ALL ENEMIES OF THE UK AND COALITION FORCES NOW !!!


SOME PEOPLE ENJOY SIPPING FROM THE FOUNTAIN OF KNOWLEDGE...........

PERSONALLY ,,,, SWALLOWING GALLONS IS MY THING......

remove my shorts to email me direct....

(e-mail address removed)