"NT Authority/System" Shuts Down Computer

Guest

While working on the internet I get a warning that the NT
Authority/System is shutting down my system in 60
seconds. I don't have NT. I just recently upgraded from
Me to XP.

Can this file be deleted to solve the problem?
 
Hi - The mind boggles - it's hard to believe that you've heard nothing about
the MS Blaster worm that has infected an estimated 500,000 computers
worldwide! But, evidently not, since that appears to be what you have.

First, so that you can stay booted up long enough to follow the rest of the
directions:

Go to Start/Run and type in: services.msc. Scroll down to Remote Procedure
Call (RPC)/Recovery/First Failure/Restart the Service (instead of Restart
the Computer which it probably is now).

Now, download this script and execute it (courtesy of Kelly site here:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc):
http://www.kellys-korner-xp.com/regs_edits/msblast.vbs

After it's cleaned up your machine of any of the five currently known
variants of this worm, it will ask you if you want to download the necessary
patch to keep from being re-infected. Say yes and then download and install
this patch, 823980, directly available also here: http://tinyurl.com/ir5h

For safety's sake, after you install the patch and re-boot, RE-RUN the
msblast.vbs file to clean up any infection that you just might have gotten
between your first clean up and installing the patch.

Note that the MSBlast worm is not the only thing that can attack your
machine in this particular fashion, and it's important that you install a
firewall which blocks certain specific ports. There's good information here
about this worm and a specific section about obtaining and installing a
firewall: http://www.microsoft.com/security/incident/blast.asp#steps

Follow these directions, and post back please with your results/problems.


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



 
What's more incredible is that the vendors selling PCs
with XP on them are not patching them before letting them
out of the store.

1. Firewall your connection (Right-click your connection >
Properties > Advanced > tick 'Protect my computer')

2. Run this via Internet Explorer:
http://securityresponse.symantec.com/avcenter/FixBlast.exe

N.B. After the virus has been removed make sure you
download the XP patch from Microsoft, the above link will
bring you to the appropriate page
 
Your computer is now infected with the W32.Blaster.Worm or
one of its variants. This happened because you have not
been using an internet connection firewall and have
apparently neglected to install the critical updates
available at the Windows Update website.
------------------------------------------------------------------
If your computer is constantly attempting to shutdown
or reboot, quickly go to:

Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.

Then type: shutdown -a , and hit enter.

This should halt the rebooting problem.
------------------------------------------------------------------
Then immediately turn-on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/
(To enable the built-in firewall, go to:
Control Panel, double-click Networking and Internet
Connections, then click Network Connections. Right-click
your connection, then
Click Properties, and on the Advanced tab, click the option
"Protect my computer and network..." Note: the built in
firewall only monitors incoming traffic not outgoing (ie
spyware, trojans, etc.. you may have on your system).)

What You Should Know About the Blaster Worm and Its
Variants
http://www.microsoft.com/security/incident/blast.asp

A tool is available to remove Blaster worm and Nachi worm
infections from computers
that are running Windows 2000 or Windows XP
http://support.microsoft.com/?kbid=833330

A security issue has been identified that could allow an attacker to
remotely compromise a computer running Microsoft Windows and
gain complete control over it. You can help protect your computer
by installing this update from Microsoft.
http://www.microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en

Above courtesy of MVP Carey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

***Install a good firewall. ZoneAlarm is a free one you
can install.
Install a good anti-virus program making sure you keep
its definitions up to date! ***
- - - - - - - - - - - - -
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
 
Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 