NT\ATHORITY and GHP WIN 32

Nitsuj

I hope someone can help me...
Hey. I have a problem with a file or program (I am
not sure) called NT/ATHORITY. I don't have NT, I have
XP. But it comes up anyways. Here is what will happen.
I will get home and turn on my computer. Everything will
load like normal. And my Norton Anti-Virus says
everything is fine. So anyways, I use my PC as normal
but after about 20 minutes of use my computer brings up
a "Generic Host Process for Win32 Services" Dialog box.
I have clicked Send Error report and Don't send both
before, but nothing works. I click one of the two, then
the dialog box disappears. Then about 10 seconds later,
it pops up again. So I click it again, and my PC gives
me a minute to shut down. Gotta go... PC is shutting
down as I type. HELP!
 
Nitsuj, with all due respect, please read recent posts in a forum to see if
someone has already had the problem.
This is the DCOM/RPC exploit seen in many threads above (before) yours.
For example, here is a copy/paste from Dave Loyall from today:


Hi, everyone.

This is my first time posting to this newsgroup, so please
pardon me if I tread on local etiquette.

The NT AUTHORITY shutdown thing is caused by computers on
the internet sending your computer certain special
commands. Normally, you'd expect that your computer would
ignore commands from strangers, but these strangers are
taking advantage of a Remote Exploit in Windows. Details
about that here:
http://support.microsoft.com/?kbid=823980

These shutdowns won't stop until you patch that hole. Get
the patch at the above URL. This is a critical update,
you must get this patch. There are worms in the wild
right now that will use this hole to take control of your
computer, using it to attack other computers, websites,
etc, and view your files, etc.

Now, if you're having trouble getting the patch to
install, because you're being shutdown, this might help:
When you get the shutdown message, click start, run. Type
shutdown /a and hit enter. This should abort the current
shutdown sequence. Great, now you have more time to get
the patch!

Once you've gotten the patch, you should visit
http://windowsupdate.microsoft.com to get all the OTHER
patches that you've failed to get over the years.
You should also use some sort of antivirus, because, if
you're just now getting the patch, trojans were probably
already installed on your computer on 8/11/03. (I
recommend TrendMicro's housecall service. It's free.
http://housecall.antivirus.com )

Again, even after you stop the shutdown problem, it is
still important for you to visit
http://windowsupdate.microsoft.com and use some sort of
antivirus (link above). If you fail to do this, your
computer will probably continue to send shutdown attacks
(and other things) to *everybody else's* computers.

... That's about it. I left out a lot of things about the
RPC vuln and the trojans that exploit it, because such
details are beyond the scope of this document. But please
do do some research on this topic. =) And always visit
windowsupdate regularly. Always visit windowsupdate
regularly. http://windowsupdate.microsoft.com Always.
Regularly.

--David Loyall
 
Exactly the same problem. Ran system restore, won't work.
Even updated my XP, still same. Is this the virus attack?
Any remedy from Microsoft?
 
DISCONNECT the subject computer from any network IMMEDIATELY.
VERY IMPORTANT to repair, closing ports is NOT enough.
Download the patch from the Windows Catalog.
http://support.microsoft.com/?kbid=323166
You want: 823980
You may need to do this at an uninfected computer and burn to CD or
save on floppy.

This is the IMPORTANT fix by Ron Martell:
http://www.bigblackglasses.com/Article.aspx?Article=342

After this is resolved prevent similar occurrences by installing ALL
Critical Updates from Windows Update.
Keep antivirus up to date and run at least weekly.
Install or enable a firewall.
 