Premature shutting down

  • Thread starter Thread starter Dan Lodge
  • Start date Start date
D

Dan Lodge

I have activated XP for the first time within the last 24
hours. It seems to be working OK except that after a few
minutes, say 4 or 5, a message appears saying that the
system is being shut down. It refers to NT
AUTHORITY\SYSTEM and suggests that the Remote Procedure
Control service has triggered this action.
Despite much reading of messages here and in handbooks I
can find no reference to the above. Can someone help
please.
Thanks, JWL
 
Dan said:
I have activated XP for the first time within the last 24
hours. It seems to be working OK except that after a few
minutes, say 4 or 5, a message appears saying that the
system is being shut down. It refers to NT
AUTHORITY\SYSTEM and suggests that the Remote Procedure
Control service has triggered this action.
Despite much reading of messages here and in handbooks I
can find no reference to the above. Can someone help
please.
Thanks, JWL
Click to expand...

You have the blaster worm. Make sure you are running an antivirus
program with current virus definitions, then go to Symantec's web site
and download the fix. Then boot to a Safe Mode, disable Sysem Restore,
run the fix, reboot to Normal mode, install all critical windows
updates, re-enable System Restore, reboot, and run a full virus scan.

--
-the small one

All postings carry no guarantee or warranty, expressed or implied.
Proceed at your own risk, and perform system and data backups prior to
making changes to your system, and on a regular basis, to protect your
system.
 
In
Dan Lodge said:
I have activated XP for the first time within the last 24
hours. It seems to be working OK except that after a few
minutes, say 4 or 5, a message appears saying that the
system is being shut down. It refers to NT
AUTHORITY\SYSTEM and suggests that the Remote Procedure
Control service has triggered this action.
Click to expand...


You have the MSBlaster worm. To remove it, do the following:

The following instructions are in three parts

1. Stop it from running

2. Remove it from your system

3. Make sure it doesn't come back



Before beginning, if you have an always-on internet connection,
it's a good idea to disconnect it.



1. Stop it from running

Press Ctrl-Alt-Delete to bring up the Task Manager, then on the
Processes tab, click msblast.exe and then "End process." Reply
"Yes" to the warning message that comes up.

This stops the worm from running, so your system will not shut
down. However, it doesn't remove it, and if that's all you do, it
will start up again the next time you boot.


***

2. Remove it from your system

a. Start the registry editor program, regedit, by going to Start
| Run, and typing REGEDIT
Navigate to HKEY_Local_Machine\Software\Microsoft\Windows\Current
Version\Run by clicking the plus signs next to each of the
folders in the left hand pane. When you get to the last of them,
Run, click the word Run itself.

Find an entry called "Windows Auto Update" on the right side.
Right-click it and delete it.

b. Do a Windows search for msblast, and delete all files found.

The worm is now gone, and won't start again the next time you
boot. But if that's all you do, you can get reinfected just as
you did the first time.

***


3. Make sure it doesn't come back

a. Make sure you're running a firewall that prevents worms like
this from getting in. You can enable the built-in Windows XP
firewall, or download and install another one such as the free
version of ZoneAlarm. To enable the built-in firewall, go to
Control Panel, double-click Networking and Internet Connections,
then click Network Connections. Right-click your connection, then
click Properties, and on the Advanced tab, click the option
"Protect my computer and network..."

b. If you've disconnected your internet connection, reconnect it.
Download and install the Microsoft patch at
http://download.microsoft.com/downl...e-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe

That will remove the vulnerability that the worm exploits.

c. Be sure you are running an anti-virus program, and that you
regularly download the latest updated virus definitions.
 
Back
Top