Problems after removing msblaster

[Blaze]

Hi

I was having problems with my Office Programs... Excel wouldn't open, cut
and paste didn't work in word.. etc
I found that I had msblaster on a few PC's

I tried to install the MS patch and it failed because I needed SP3 or above

I installed SP4 and removed the blaster.exe with the norton fix file

I then applied the patch then I rebooted the PC

I log on and the problem is that the PC reboots after a couple of seconds of
logging on ..over and over

If I boot into safe mode the PC stays on, I have put on all the Windows
updates and yet its still reboots a few seconds after logging on normally

I have searched to see if the blaster virus is still there yet it keeps
rebooting

Any ideas ???

thanks

 

[aardvark_ratnick]

I had roughly the same problem, but it was not to do with the blaster worm,
there were two possible problems:

1. I installed sp4 with Norton antivirus running caused the exact same
symptom, re-installing the service pack with the virus checker disabled
fixed this problem

2. Had a single machine with BIOS RAM write failures, that presented with
the same failure, replacing the bios chip solved this problem. good luck

 

[Microsoft]

Have you looked for the RPC Services in the registry?

They should be located in
HKey_Local_Machine/System\CurrentControlSet\Services

I think they were like RPCUpdater or something like that. You should only
have RPCLocator & RPCSs.

Joey Hornick

 

[dcdon]

Yeppers,
Know exactly what it is...
Blaster has 6 or so variants and you must do everything on each fix that Symantec prints in
teh order they have it and reinstall you security patch


good computing,
don,
-------------------



Hi

I was having problems with my Office Programs... Excel wouldn't open, cut
and paste didn't work in word.. etc
I found that I had msblaster on a few PC's

I tried to install the MS patch and it failed because I needed SP3 or above

I installed SP4 and removed the blaster.exe with the norton fix file

I then applied the patch then I rebooted the PC

I log on and the problem is that the PC reboots after a couple of seconds of
logging on ..over and over

If I boot into safe mode the PC stays on, I have put on all the Windows
updates and yet its still reboots a few seconds after logging on normally

I have searched to see if the blaster virus is still there yet it keeps
rebooting

Any ideas ???

thanks

 

[Blaze]

Well Somebody said I maybe had the 'nachi' worm and I must delete the
following
*
*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcPatch

*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcTftpd
*
*C:\WINNT\SYSTEM32\WINS\DLLHOST.EXE (10,240 bytes)
*
*C:\WINNT\SYSTEM32\WINS\SVCHOST.EXE

I don't have any of these files or entries and now the PC's in a rebooting
loop even without logging on ???

my god is it possessed ??

because if I do a AV scan with the upto date ver it detects no virus ??

any ideas people ?

thanks

 

[dcdon]

Blaze,

Let's do this where you get fixed, not add to any problem you may have.
Try an online scan from Symantec.
http://securityresponse.symantec.com/
After it is through, write all the information down.
the name of the virus, worm, and/or Trojan Horse is important.
With the name of the vermites, place them in a google search and look for the virii, one at a
time.
When you find a Symantec Fix Procedure. I did not say a "Fix" tool. Virus protection software
IS NOT like getting a shot. There IS NO instant fix. Some CURES are complicated. If not done
complete them in the exact order, you will NOT fix the problem. The keys you show may or may
not need attention, but one thing for sure, when you change the registry, you can get to a
place of FORMATTING real fast, if not backed up properly. When you edit the regedit.exe (not
REGEDT32.EXE), it is really easy to "export" a particular key, usually you would leave them on
the desktop (maybe in a folder) with a small notepad (.txt) file to remember exactly what the
keys are from and for what. Believe me, a little of doing this can save you a whole lot of
misery later.

I do at this time highly suggest you get and use the following:
A good AVP (with current definitions) (run a virus check, once per day right now)
A good firewall (hardware [router] or software) like Zone Alarm (and use it properly)
A privacy program (Ad-aware)
An anti-malware program(SpyBot-S&D)(be careful to learn this program) it can case damage like
deleting and executable for CD burners.
All have a free version at www.spychecker.com

This may all seem to be too much, but when you get rigged up, and have others tell you of
their misery, while you are purring like kitten, You will be happy.

Please believe me,
don
-------------





Well Somebody said I maybe had the 'nachi' worm and I must delete the
following
*
*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcPatch

*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcTftpd
*
*C:\WINNT\SYSTEM32\WINS\DLLHOST.EXE (10,240 bytes)
*
*C:\WINNT\SYSTEM32\WINS\SVCHOST.EXE

I don't have any of these files or entries and now the PC's in a rebooting
loop even without logging on ???

my god is it possessed ??

because if I do a AV scan with the upto date ver it detects no virus ??

any ideas people ?

thanks

 

[dcdon]

case = cause

Blaze,

Let's do this where you get fixed, not add to any problem you may have.
Try an online scan from Symantec.
http://securityresponse.symantec.com/
After it is through, write all the information down.
the name of the virus, worm, and/or Trojan Horse is important.
With the name of the vermites, place them in a google search and look for the virii, one at a
time.
When you find a Symantec Fix Procedure. I did not say a "Fix" tool. Virus protection software
IS NOT like getting a shot. There IS NO instant fix. Some CURES are complicated. If not done
complete them in the exact order, you will NOT fix the problem. The keys you show may or may
not need attention, but one thing for sure, when you change the registry, you can get to a
place of FORMATTING real fast, if not backed up properly. When you edit the regedit.exe (not
REGEDT32.EXE), it is really easy to "export" a particular key, usually you would leave them on
the desktop (maybe in a folder) with a small notepad (.txt) file to remember exactly what the
keys are from and for what. Believe me, a little of doing this can save you a whole lot of
misery later.

I do at this time highly suggest you get and use the following:
A good AVP (with current definitions) (run a virus check, once per day right now)
A good firewall (hardware [router] or software) like Zone Alarm (and use it properly)
A privacy program (Ad-aware)
An anti-malware program(SpyBot-S&D)(be careful to learn this program) it can case damage like
deleting and executable for CD burners.
All have a free version at www.spychecker.com

This may all seem to be too much, but when you get rigged up, and have others tell you of
their misery, while you are purring like kitten, You will be happy.

Please believe me,
don
-------------





Well Somebody said I maybe had the 'nachi' worm and I must delete the
following
*
*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcPatch

*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcTftpd
*
*C:\WINNT\SYSTEM32\WINS\DLLHOST.EXE (10,240 bytes)
*
*C:\WINNT\SYSTEM32\WINS\SVCHOST.EXE

I don't have any of these files or entries and now the PC's in a rebooting
loop even without logging on ???

my god is it possessed ??

because if I do a AV scan with the upto date ver it detects no virus ??

any ideas people ?

thanks

 

[dcdon]

dang, why don't I do a spell check properly
sorry
....deleting and... = deleting AN executabl...

don
;-(


Blaze,

Let's do this where you get fixed, not add to any problem you may have.
Try an online scan from Symantec.
http://securityresponse.symantec.com/
After it is through, write all the information down.
the name of the virus, worm, and/or Trojan Horse is important.
With the name of the vermites, place them in a google search and look for the virii, one at a
time.
When you find a Symantec Fix Procedure. I did not say a "Fix" tool. Virus protection software
IS NOT like getting a shot. There IS NO instant fix. Some CURES are complicated. If not done
complete them in the exact order, you will NOT fix the problem. The keys you show may or may
not need attention, but one thing for sure, when you change the registry, you can get to a
place of FORMATTING real fast, if not backed up properly. When you edit the regedit.exe (not
REGEDT32.EXE), it is really easy to "export" a particular key, usually you would leave them on
the desktop (maybe in a folder) with a small notepad (.txt) file to remember exactly what the
keys are from and for what. Believe me, a little of doing this can save you a whole lot of
misery later.

I do at this time highly suggest you get and use the following:
A good AVP (with current definitions) (run a virus check, once per day right now)
A good firewall (hardware [router] or software) like Zone Alarm (and use it properly)
A privacy program (Ad-aware)
An anti-malware program(SpyBot-S&D)(be careful to learn this program) it can case damage like
deleting and executable for CD burners.
All have a free version at www.spychecker.com

This may all seem to be too much, but when you get rigged up, and have others tell you of
their misery, while you are purring like kitten, You will be happy.

Please believe me,
don
-------------





Well Somebody said I maybe had the 'nachi' worm and I must delete the
following
*
*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcPatch

*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcTftpd
*
*C:\WINNT\SYSTEM32\WINS\DLLHOST.EXE (10,240 bytes)
*
*C:\WINNT\SYSTEM32\WINS\SVCHOST.EXE

I don't have any of these files or entries and now the PC's in a rebooting
loop even without logging on ???

my god is it possessed ??

because if I do a AV scan with the upto date ver it detects no virus ??

any ideas people ?

thanks