Is there some new version of the blaster worm around?

news.rcn.com

I am having a known problem in an unknown area: My Windows 2000 1.6 GHz AMD
K6 Compaq machine is continuously rebooting. The new problem appears to be
that it doesn't revolve in a continuous loop, the machine works for anything
from a few seconds to a few minutes before automatically rebooting. I
haven't found any reference to this on line.

And it DOES connect to the Internet. I did manage to download multi_av and
run Trend and Kaspersky. Trend and Kaspersky found nothing, both in normal
and safe modes. I then tried to run Sophos and was running when I went to
bed, after which I woke up the next morning and found the computer at the
log in screen again, which indicates either that it found nothing or that it
simply rebooted before Sophos could find anything.

Has anyone seen this before?
 
From: "news.rcn.com" <news.rnc.com>

| I am having a known problem in an unknown area: My Windows 2000 1.6 GHz AMD
| K6 Compaq machine is continuously rebooting. The new problem appears to be
| that it doesn't revolve in a continuous loop, the machine works for anything
| from a few seconds to a few minutes before automatically rebooting. I
| haven't found any reference to this on line
|
| And it DOES connect to the Internet. I did manage to download multi_av and
| run Trend and Kaspersky. Trend and Kaspersky found nothing, both in normal
| and safe modes. I then tried to run Sophos and was running when I went to
| bed, after which I woke up the next morning and found the computer at the
| log in screen again, which indicates either that it found nothing or that it
| simply rebooted before Sophos could find anything
|
| Has anyone seen this before?
|

Worms such as Lovsan/Blaster and Sasser and their successors; SDBot, RBot, GAOBot, MyTob,
RadeBot, etc... would generate a 60 sec. NT AUTHORITY\SYSTEM shutdown message such as...

NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819

or

NT AUTHORITY\SYSTEM
Windows must now restart because the Remote Procedure Call (RPC) service terminated
unexpectedly.

With the RPC message, you can get that for "other" reasons not related to worm activity.

In all the above cases TCP protocols are exploited. TCP port 135 for RPC/RPCSS DCOM and
TCP port 445 for the LSASS module. Using a simple NAT Router such as the Linksys BEFSR41
greatly mitigates such internet worm port exploitations.

You have NOT shown any substantiating information to show this is worm exploitation.

Most system auto-reboots are caused by hardware problems. CPU, RAM modules, CPU fan, etc.
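
Added example, not part of any post in this thread: a small Python triage over pasted shutdown-dialog or event text, using the two messages and the port mapping given in the reply above. The function names and sample strings are assumptions constructed for illustration.

```python
import re

# Signatures taken from the two shutdown messages quoted in the reply above.
LSASS_RE = re.compile(
    r"lsass\.exe'? terminated unexpectedly with status code (-?\d+)", re.I)
RPC_RE = re.compile(
    r"Remote Procedure Call \(RPC\) service terminated unexpectedly", re.I)

def ntstatus_hex(code):
    """Show a signed 32-bit status code as the unsigned NTSTATUS value."""
    # -1073741819 becomes 0xC0000005, which is STATUS_ACCESS_VIOLATION.
    return "0x%08X" % (code & 0xFFFFFFFF)

def triage(text):
    """Return one finding per worm-style shutdown message found in text."""
    flat = " ".join(text.split())  # undo line wrapping in pasted messages
    findings = []
    for m in LSASS_RE.finditer(flat):
        findings.append({
            "service": "LSASS",
            "port": 445,  # per the reply: TCP 445 for the LSASS module
            "status": ntstatus_hex(int(m.group(1))),
            "non_worm_causes_noted": False,
        })
    for _ in RPC_RE.finditer(flat):
        findings.append({
            "service": "RPC",
            "port": 135,  # per the reply: TCP 135 for RPC/RPCSS DCOM
            "status": None,
            # The reply notes this message also appears for other reasons.
            "non_worm_causes_noted": True,
        })
    return findings

# Constructed sample inputs (not taken from the poster's machine).
SAMPLE_WORM = """NT AUTHORITY\\SYSTEM
'c:\\windows\\system32\\lsass.exe' terminated unexpectedly with status code -1073741819
Windows must now restart because the Remote Procedure Call (RPC) service terminated
unexpectedly."""
SAMPLE_SILENT = "Machine restarted with no shutdown dialog and no error message."

if __name__ == "__main__":
    for name, sample in (("worm-style", SAMPLE_WORM), ("silent", SAMPLE_SILENT)):
        hits = triage(sample)
        print(name, hits if hits else "no worm-style message found")
```

An empty result matches the situation described in this thread: no shutdown message at all, which is why the replies point toward hardware.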
 
 
'news.rcn.com' wrote, in part:
| I am having a known problem in an unknown area: My Windows 2000 1.6 GHz AMD
| K6 Compaq machine is continuously rebooting.
_____

Have you considered a hardware problem? That seems more likely than malware
since scans have found nothing.

Phil Weldon

"news.rcn.com" <news.rnc.com> wrote in message
| I am having a known problem in an unknown area: My Windows 2000 1.6 GHz AMD
| K6 Compaq machine is continuously rebooting. The new problem appears to be
| that it doesn't revolve in a continuous loop, the machine works for anything
| from a few seconds to a few minutes before automatically rebooting. I
| haven't found any reference to this on line
|
| And it DOES connect to the Internet. I did manage to download multi_av and
| run Trend and Kaspersky. Trend and Kaspersky found nothing, both in normal
| and safe modes. I then tried to run Sophos and was running when I went to
| bed, after which I woke up the next morning and found the computer at the
| log in screen again, which indicates either that it found nothing or that it
| simply rebooted before Sophos could find anything
|
| Has anyone seen this before?
|
 
 
> Have you considered a hardware problem? That seems more likely than malware
> since scans have found nothing.

I was a bit scared to think about that as I wouldn't know how to isolate it.
But I was suspicious as there is never an error message, just a simple shut
down and restart. Does the OS generate a log anywhere which might enlighten
me?
 
 
news.rcn.com said:
I was a bit scared to think about that as I wouldn't know how to
isolate it. But I was suspicious as there is never an error message,
just a simple shut down and restart. Does the OS generate a log
anywhere which might enlighten me?

XP, I assume, otherwise you'll need to google for instructions:

System Properties-->Advanced-->Startup and Recovery (click "Settings").
Under "System Failure," untick the "Automatically Restart" box. You'll
then be able to get a look at the BSOD.

You might also want to check Event Viewer for error messages.
 
 
'news.rcn.com' wrote:
| I was a bit scared to think about that as I wouldn't know how to isolate it.
| But I was suspicious as there is never an error message, just a simple shut
| down and restart. Does the OS generate a log anywhere which might enlighten
| me?
_____

Probably not. You report a reboot with no notice, so there is unlikely to
be any type of event entry. Just a guess, but what you have might be an
overheating problem or a power supply problem. You could check the CPU and
motherboard temperatures, and you could try swapping the power supply for a
known good supply. Since you write "as I wouldn't know how to isolate it",
consider warranty repair if applicable or a good computer repair shop. Also
you could try posting in a hardware oriented newsgroup; this really isn't
the place to get extensive help diagnosing a hardware problem. Since you
have no positive indication of malware, a hardware problem related to heat,
age, or failing power supply is likely.

Phil Weldon

"news.rcn.com" <news.rnc.com> wrote in message
|
| > Have you considered a hardware problem? That seems more likely than malware
| > since scans have found nothing.
|
| I was a bit scared to think about that as I wouldn't know how to isolate it.
| But I was suspicious as there is never an error message, just a simple shut
| down and restart. Does the OS generate a log anywhere which might enlighten
| me?
|
 
 