nt authority\system

  • Thread starter Thread starter Muhammad Ali
  • Start date Start date
M

Muhammad Ali

Can any one pl help me!!!
when ever i connect to internet after some time a massase like

nt authority\system

remote procedure call(rpc)service

terminated unexpectedly

a countdown start 59...58...57.. and winxp restart

what is this
 
Hi there, sounds like you have Blaster.
I have provided info on Sasser as well as Blaster.


Sasser:
Links about the virus:
http://www.microsoft.com/security/incident/sasser.asp
http://www.updatexp.com/sasser-worm.html
http://www3.telus.net/dandemar/sasser.htm

To stop shutdown, click Start, click Run and type: shutdown -a
then click OK.

Removal tools available here:-
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125008
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

For technical details on Sasser and manual steps to remove
http://www.microsoft.com/technet/security/alerts/sasser.mspx

or

http://www.microsoft.com/security/incident/blast_faq.asp
Blaster Worm FAQ

1. CTRL-ALT-DELETE to bring up the Task Manager. Look for msblast.exe and select
it and End Process. This will stop the computer from shutting down.
It doesn't remove the worm.

To enable your firewall :
- Click Start
- Click Control Panel
- Double Click "Network Connections"
- Right-click on your Dial up Connection, then left click 'Properties'
- Left Click 'Advanced' Under "Internet Connection Firewall" tick the box
'Protect my computer and networking by limiting or preventing access to this
computer from the internet'
- Click Ok and Close the "network connections" box.
You can then connect to the Internet and download the Microsoft relevant patch.

You could also try:
Click Start/Run then type in cmd
and then type in : shutdown -a
Do this when the shutdown prompt appears.

W32.Blaster.Worm patch is available here:-
The most recent patch is KB828741, MS04-012:
Cumulative Update for Microsoft RPC/DCOM, which is directly available here:
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx This
supersedes 824146
You must download and install the patch. In many cases, you will need to do this
before you can continue with the removal of the worm.
Because of the way the worm works, it may be difficult to connect to the
Internet to obtain the patch, definitions, or removal tool before the worm shuts
down the computer. It has been reported that, for users of Windows XP,
activating the Windows XP firewall may allow you to download and install the
patch, obtain virus definitions, and run the removal tool. This may also work
with other firewalls, although this has not been confirmed.

2. You can download the Symantec Removal Tool from here
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
or you can visit this site to assist in the removal of the worm
http://www3.ca.com/virusinfo/virus.aspx?ID=36265
To download ClnPoza.zip - a utility that cleans a local machine affected by
Win32.Poza,
or this site for assistance: http://www.kellys-korner-xp.com/xp_qr.htm#rpc

http://www.updatexp.com/cryptographic-service.html
For information on the Cryptographic Services
 
Back
Top