NT AUTHORITY shutting down my PC

Status
Not open for further replies.
Have just discovered this forum after having the constant shutdown issues. I believe my problem was caused by MSBLAST.EXE (W32.Blaster.Worm). Followed instructions on Symantec site and deleted program, also deleted all references in Registry. So far so good (I hope!). Many thanks everyone for the posted info, you saved my sanity.
 
Just wanted to say that today, as soon as I downloaded the patch, I got back on the internet with no problems. I went straight to the Windows Update page, which took a few minutes to fully load, and downloaded 38 megabytes of critical system updates I had neglected in the past. After that I went to Wal-Mart and found this awesome software package called Norton Internet Security. It completely protects EVERYTHING! It has its own built-in firewall as well. I immediately downloaded all the updates from the net for it, and when I ran it, I found 162 infected files on my cpu. Not only that, but it picked up that MSBLAST.EXE file that I've been hearing about, but it deleted it and a few other bad ones I hadn't heard of. It was only 60 dollars. I consider it a good investment. I'd advise that you guys go ahead now and download all the Windows updates you can because in a few days, it may be too late.
 
There is also a cmd.exe file in the sam folders... but it will not delete! So I'm looking into it now.
 
Originally posted by SaTaNzBish
Hm, I'm on XP Pro and I haven't gotten the virus thing yet. I also have ZoneAlarm... hopefully I don't get it :) another

Sage advice, my young apprentice....

Having some kind of personal firewall system is important too. I would say that the three headed dog of security in this respect is:

1) Keeping your machine up to date with fixes from windowsupdate.microsoft.com,

2) Keeping your machine up to date with the very latest virus software,

3) Keeping your machine up to date with the very latest build of ZoneAlarm, or some similar personal firewall software.

I recommend taking the time to check for updates for 1), 2) and 3), even as often as once per week.

Get wise - the internet is a chaotic, sometimes evil place.
 
I've had problems with that cmd.exe file too. I'd try to delete it and it would just reappear at the end of the list. Any ideas what is up with that?
 
I have a problem that may be related that hopefully someone here can help me with. It's annoying. Every time I boot up and Windows starts, with my desktop screen in the back, it pops up 5 boxes warning me that "iexpIore" or something like that cannot be found. Does anyone know how to get rid of these things? Someone told me to run msconfig and uncheck all the boxes with system32 in it, and when I did that, one still popped up. There was another box I left checked that had system32 in it, but it was longer and I'm scared to mess up anything after getting things back to normal. I've since rechecked them. Any advice?
 
Last I checked, Steve Gibson's Gibson Research website was back online, with updated tools for you to test your firewall.

Though I am still a newbie to this community, let me seriously second Phantasm66's advice to keep up to date with patches, and install AV and firewalls, and make sure those are up to date too.

I know there are some who maintain that the risk of getting a virus is minimal if one is careful when surfing, but I think this experience (and the length of this thread, 16 pages at the moment) shows that keeping up with patches, AV and firewalls is about being careful.

Cheers.
 
Hi all,
still got problems.
After I installed the Windows update my Explorer seems to be playing up. I can't even click on the links that you guys put on the forum and also I couldn't even copy and paste the shortcut.
Also Norton AntiVirus is not working: I can't uninstall it and it won't do LiveUpdate.
Does anyone have any ideas?
 
So I have to apply the patch before running the fixblast.exe tool from Norton?

Here's my problem...
I'm running Win2kPro... The Critical update requires SP3 or newer.

I can successfully install sp3 or sp4 .. however.. upon rebooting after the update... I get a blue screen that says 'inaccessible boot device' ... and then gives a bunch of numbers....

How can I possibly install the critical update patch.. when the required service pack keeps crashing my machine =/

Do I NEED to install the patch, or just run the tool from Norton and then block port 135 with a firewall?

** EDIT
This 'inaccessible' problem happened last time I tried a service pack too.. like last year, long before this virus was around. I had to do a reformat then too =/
 
msblast.exe-09ff84f2.pf

Hello! I have a question. I have been following this thread from the beginning, and thought maybe this would be answered. (Did I miss it, sigh..)

When removing the worm via the mentioned removal tool (after the MS update of course), my boyfriend still has one file, "msblast.exe-09ff84f2.pf", which remains in the windows/prefetch folder. It had been mentioned early on in the thread to delete it, but no mention since.

Is this safe to just delete?

thanks!
~boxygeek~
 
Just wanted to say... thank you Techspot. I've spent most of the afternoon reading this thread and printing it off... and my computer is now fine! I followed the instructions provided by Carrot - thanks.

Good point about keeping on top of updates Phantasm...
 
Once again, you rock!

I would once again like to thank the wonderful people with TONS more information than myself on this board. I was able to successfully repair/delete the worm from not one, or two but 4 computers! lol (My personal 2 plus 2 of my friends)
You guys are once again wonderful and get two thumbs up! :grinthumb :grinthumb
 
Guys, I don't know if it's a problem on my end, but I was trying to download the latest AV definitions for Grisoft AV Free Edition and the web update feature would not work; the file would not download. I downloaded the file manually and it updated fine after I placed it in the update subdirectory and ran Grisoft.

Just a heads up in case.
 
problem with the patch??

I just realized I had this worm, so I downloaded the patch off of Microsoft's website, but as I'm trying to install it, it says, Extraction Failure because "xpsp1hfm.exe is not a valid Win32 application" and then it stops. What is going on, and how can I fix this??? Please please help!! :-(
 
Originally posted by tkteo
Guys, I don't know if it's a problem on my end, but I was trying to download the latest AV definitions for Grisoft AV Free Edition and the web update feature would not work; the file would not download. I downloaded the file manually and it updated fine after I placed it in the update subdirectory and ran Grisoft.

Just a heads up in case.

Hmm, that did not happen to me at all.
 
NT Authority

This has been happening to me for a couple of days before I found y'all, but it only happens when I go online. The longest it lets me stay online for is maybe 5 minutes, which is definitely not long enough to get the patch because (I hate to admit) I am still using dial-up. Would it be possible to get the patch on my PC at work and save it to disk?
 
lil_lars80: Yeah, you will only be affected when you're online. Setting Remote Procedure Call to take no action will stop that from happening and you can get the patch from Microsoft in the meantime.
 
svchost.exe

Hey guys, thanks for all the help with the NT AUTHORITY issue.
I was wondering if any of you guys found out what the file
svchost.exe
is, and if I should delete it or how I can delete it.
I have 4 of them running under Task Manager and when I tried to stop the processes I got the old NT AUTHORITY msg back.
Does anyone have the same problem?
Please help!
Thanks
 
Hello!

After reading more posts... I'm growing more and more paranoid...

I never found any msblast.exe files on my computer, nor did my updated A/V find any virus or infected files. Should I be concerned???

Recap: When the NT AUTH/SYST hit... I downloaded all available Windows updates for security. Everything worked fine... updated anti-virus and all scans were fine.

Thanks
 