G
Guest
I getting continual remote procedure calls initiated by the NT Authority. Not sure what it is . It does give me 60 seconds to save and logoff. What is this caused by?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
K
Kaylene aka Taurarian
http://www.microsoft.com/security/incident/blast_faq.asp
Blaster Worm FAQ
1. CTRL-ALT-DELETE to bring up the Task Manager. Look for msblast.exe and select
it and End Process. This will stop the computer from shutting down.
It doesn’t remove the worm.
To enable your firewall :
- Click Start
- Click Control Panel
- Double Click "Network Connections"
- Right-click on your Dial up Connection, then left click 'Properties'
- Left Click 'Advanced' Under "Internet Connection Firewall" tick the box
'Protect my computer and networking by limiting or preventing access to this
computer from the internet'
- Click Ok and Close the "network connections" box.
You can then connect to the Internet and download the Microsoft relevant patch.
You could also try:
Click Start/Run then type in cmd
and then type in : shutdown –a
Do this when the shutdown prompt appears.
W32.Blaster.Worm patch is available here:-
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146
You must download and install the patch. In many cases, you will need to do this
before you can continue with the removal of the worm.
Because of the way the worm works, it may be difficult to connect to the
Internet to obtain the patch, definitions, or removal tool before the worm shuts
down the computer. It has been reported that, for users of Windows XP,
activating the Windows XP firewall may allow you to download and install the
patch, obtain virus definitions, and run the removal tool. This may also work
with other firewalls, although this has not been confirmed.
2. You can download the Symantec Removal Tool from here
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
or you can visit this site to assist in the removal of the worm
http://www3.ca.com/virusinfo/virus.aspx?ID=36265
To download ClnPoza.zip - a utility that cleans a local machine affected by
Win32.Poza,
or this site for assistance: http://www.kellys-korner-xp.com/xp_qr.htm#rpc
caused by?
Blaster Worm FAQ
1. CTRL-ALT-DELETE to bring up the Task Manager. Look for msblast.exe and select
it and End Process. This will stop the computer from shutting down.
It doesn’t remove the worm.
To enable your firewall :
- Click Start
- Click Control Panel
- Double Click "Network Connections"
- Right-click on your Dial up Connection, then left click 'Properties'
- Left Click 'Advanced' Under "Internet Connection Firewall" tick the box
'Protect my computer and networking by limiting or preventing access to this
computer from the internet'
- Click Ok and Close the "network connections" box.
You can then connect to the Internet and download the Microsoft relevant patch.
You could also try:
Click Start/Run then type in cmd
and then type in : shutdown –a
Do this when the shutdown prompt appears.
W32.Blaster.Worm patch is available here:-
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146
You must download and install the patch. In many cases, you will need to do this
before you can continue with the removal of the worm.
Because of the way the worm works, it may be difficult to connect to the
Internet to obtain the patch, definitions, or removal tool before the worm shuts
down the computer. It has been reported that, for users of Windows XP,
activating the Windows XP firewall may allow you to download and install the
patch, obtain virus definitions, and run the removal tool. This may also work
with other firewalls, although this has not been confirmed.
2. You can download the Symantec Removal Tool from here
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
or you can visit this site to assist in the removal of the worm
http://www3.ca.com/virusinfo/virus.aspx?ID=36265
To download ClnPoza.zip - a utility that cleans a local machine affected by
Win32.Poza,
or this site for assistance: http://www.kellys-korner-xp.com/xp_qr.htm#rpc
sure what it is . It does give me 60 seconds to save and logoff. What is thisjhoffa said:I getting continual remote procedure calls initiated by the NT Authority. Not
caused by?
G
Guest
the only time that happens to me is when i try to shut down a process thats needed by the system to keep runnin
----- jhoffa wrote: ----
I getting continual remote procedure calls initiated by the NT Authority. Not sure what it is . It does give me 60 seconds to save and logoff. What is this caused by?
----- jhoffa wrote: ----
I getting continual remote procedure calls initiated by the NT Authority. Not sure what it is . It does give me 60 seconds to save and logoff. What is this caused by?
B
Bruce Chambers
Greetings --
If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.
To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.
To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH