B
Benno Meier
I have alos been experiencing the NT Auhtority/System
shutdwon. Has anyone found a soultion?
Please pass on.
Benno
shutdwon. Has anyone found a soultion?
Please pass on.
Benno
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
R
Rick \Nutcase\ Rogers
Hi Benno,
It's a virus called blaster or lovesan. Information:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342
You need the patch described here to protect against it:
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146
Problem is, you needed to install the patch BEFORE you got infected to avoid
it.
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
It's a virus called blaster or lovesan. Information:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342
You need the patch described here to protect against it:
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146
Problem is, you needed to install the patch BEFORE you got infected to avoid
it.
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
R
Rick \Nutcase\ Rogers
Hi Benno,
It's a virus called blaster or lovesan. Information:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342
You need the patch described here to protect against it:
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146
Problem is, you needed to install the patch BEFORE you got infected to avoid
it.
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
It's a virus called blaster or lovesan. Information:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342
You need the patch described here to protect against it:
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146
Problem is, you needed to install the patch BEFORE you got infected to avoid
it.
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
M
Maurice
-----Original Message-----
I have alos been experiencing the NT Auhtority/System
shutdwon. Has anyone found a soultion?
Please pass on.
Benno
.
Sounds like the Blaster worm. See
http://www.microsoft.com/security/incident/blast.asp for
a description of Blaster. Compare their screen print of
the NT AUTHORITY\SYSTEM shutdown message to yours. If
that's what you're getting, see
http://securityresponse.symantec.com/avcenter/venc/data/w3
2.blaster.worm.html for a detailed description of the
worm and its removal procedure.
B
Bruce Chambers
Greetings --
If you've connected the PC to the Internet without having first
enabling a firewall, without having first installed an antivirus
application with current virus definition files, and/or before
installing the KB824146 Hotfix, you're very likely to have been
infected from any of the thousands of PCs on the Internet that are
constantly broadcasting the Blaster and/or Welchia worms. It only
takes a few seconds of exposure.
To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
If you've connected the PC to the Internet without having first
enabling a firewall, without having first installed an antivirus
application with current virus definition files, and/or before
installing the KB824146 Hotfix, you're very likely to have been
infected from any of the thousands of PCs on the Internet that are
constantly broadcasting the Blaster and/or Welchia worms. It only
takes a few seconds of exposure.
To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH