Hi there, sounds like you have Blaster.
I have provided info on Sasser as well as Blaster.
Sasser:
Links about the virus:
http://www.microsoft.com/security/incident/sasser.asp
http://www.updatexp.com/sasser-worm.html
http://www3.telus.net/dandemar/sasser.htm
To stop shutdown, click Start, click Run and type: shutdown -a
then click OK.
Removal tools available here:-
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125008
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html
For technical details on Sasser and manual steps to remove
http://www.microsoft.com/technet/security/alerts/sasser.mspx
or
http://www.microsoft.com/security/incident/blast_faq.asp
Blaster Worm FAQ
1. CTRL-ALT-DELETE to bring up the Task Manager. Look for msblast.exe and select
it and End Process. This will stop the computer from shutting down.
It doesn't remove the worm.
To enable your firewall :
- Click Start
- Click Control Panel
- Double Click "Network Connections"
- Right-click on your Dial up Connection, then left click 'Properties'
- Left Click 'Advanced' Under "Internet Connection Firewall" tick the box
'Protect my computer and networking by limiting or preventing access to this
computer from the internet'
- Click Ok and Close the "network connections" box.
You can then connect to the Internet and download the Microsoft relevant patch.
You could also try:
Click Start/Run then type in cmd
and then type in : shutdown -a
Do this when the shutdown prompt appears.
W32.Blaster.Worm patch is available here:-
The most recent patch is KB828741, MS04-012:
Cumulative Update for Microsoft RPC/DCOM, which is directly available here:
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx This
supersedes 824146
You must download and install the patch. In many cases, you will need to do this
before you can continue with the removal of the worm.
Because of the way the worm works, it may be difficult to connect to the
Internet to obtain the patch, definitions, or removal tool before the worm shuts
down the computer. It has been reported that, for users of Windows XP,
activating the Windows XP firewall may allow you to download and install the
patch, obtain virus definitions, and run the removal tool. This may also work
with other firewalls, although this has not been confirmed.
2. You can download the Symantec Removal Tool from here
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
or you can visit this site to assist in the removal of the worm
http://www3.ca.com/virusinfo/virus.aspx?ID=36265
To download ClnPoza.zip - a utility that cleans a local machine affected by
Win32.Poza,
or this site for assistance:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.updatexp.com/cryptographic-service.html
For information on the Cryptographic Services