NT AUTHORITY shutting down my PC
- Thread starter acidosmosis
- Start date
- Status
I too used AVG virus software. It didn't find any blastworms but it did find another worm (can't remember which though)
The AVG site has no news on th blast worm yet though so we'll hve to wait until tomorrow at least.
I've done a virus check, patched it and removed the reg entry. After restarting the MSBLAST.EXE didn't appear so hopefully its OK now.
I run Kazaa too, maybe that was involved.
The AVG site has no news on th blast worm yet though so we'll hve to wait until tomorrow at least.
I've done a virus check, patched it and removed the reg entry. After restarting the MSBLAST.EXE didn't appear so hopefully its OK now.
I run Kazaa too, maybe that was involved.
My comp may be a POS, but at least hackers can't de-rail me suger and spice
Posts: 8 +0
BLAST MSBLAST
Hi everyone, great site I'm definately comming back here.
I think were on the right track with MSBLAST.exe. I started getting the NT/AUTHORITY shutdown problem earlier this evening and am so glad I found this site.
I was first alerted to MSBLAST by my firewall which showed maybe 10 outgoing connections by this little sucker to remote addresses which kept changing every second. I thought this was strange so I dennied all outgoing access to this exe. The thing is its in the win32 /temp folder so I didnt know if it needed to get out or not. Then I stumbled on the post with symantec and that explained everything. I went to regedit like it said and deleted the registry setting as it states. I have had no problems since.
My anti virus is avg and that is uptodate which proves that this exploit is real time.
But what do we do if our anti virus does not spot it?
I have done a search on my pc and found to msblast instances one in c:windows /prefetch and the exe in c:windows32.
Does anyone else have these? and should we just delete them?
Im running xp pro
Anyway best of luck to all that are suffering.
Hi everyone, great site I'm definately comming back here.
I think were on the right track with MSBLAST.exe. I started getting the NT/AUTHORITY shutdown problem earlier this evening and am so glad I found this site.
I was first alerted to MSBLAST by my firewall which showed maybe 10 outgoing connections by this little sucker to remote addresses which kept changing every second. I thought this was strange so I dennied all outgoing access to this exe. The thing is its in the win32 /temp folder so I didnt know if it needed to get out or not. Then I stumbled on the post with symantec and that explained everything. I went to regedit like it said and deleted the registry setting as it states. I have had no problems since.
My anti virus is avg and that is uptodate which proves that this exploit is real time.
But what do we do if our anti virus does not spot it?
I have done a search on my pc and found to msblast instances one in c:windows /prefetch and the exe in c:windows32.
Does anyone else have these? and should we just delete them?
Im running xp pro
Anyway best of luck to all that are suffering.
I too am having the same problem as Ilson.
My computer just hands down wont start up anymore. My Mom got the same problem last night (98SE) but after af ew hours it cleared up. I'm hoping it'll do the same for mine and start up in a few hours so I can get started on this.
I've had the problem for a while now, but it only occured every once in a while and it wasnt any big deal. Just today it started happenign right as soon as win finished booting up, and now my comp wont start up at all.
Hopefully i'll be able to boot up soon and try the patch.
My computer just hands down wont start up anymore. My Mom got the same problem last night (98SE) but after af ew hours it cleared up. I'm hoping it'll do the same for mine and start up in a few hours so I can get started on this.
I've had the problem for a while now, but it only occured every once in a while and it wasnt any big deal. Just today it started happenign right as soon as win finished booting up, and now my comp wont start up at all.
Hopefully i'll be able to boot up soon and try the patch.
Killerbyte
Posts: 11 +0
Let's throw some fuel on the fire! I am a cable modem tech, and just ran into this problem today. These pc's worked fine before I started the instal, but when I restarted the pc's, they had this problem. Not just a little, but almost emmediately on restart. It is like an endless loop of shut down and restart. So I do not think this is something that is limmited to just a chance dl. I am running XP pro, and yet am having no problems personally. I checked my system for MSBlast.exe and found nothing. And I am running msn mes 6.0. It is clear to me that at this time, I do not have this problem. What is not clear is why this problem has happened to our customers the second I restart AFTER cable modem installation. Any more uber geakiness would be very helpfull, since my superiors and tech sapport have their heads firmly inserted in their collective asses!
suger and spice
Posts: 8 +0
hi Killerbyte I am using xp pro too, I was having the problem and do have MSBLAST firmly inserted in my hard drive. Go to the symantec site and check out what it says.
http://securityresponse.symantec.co...aster.worm.html
http://securityresponse.symantec.co...aster.worm.html
DOH
had two friends who had this today
A programmer in my office used to spam shutdowns at me with NT4 option pack
But i wrote a work around that spammed the cancel command whenever that came up ><
Just can't find that anywhere now lol
had two friends who had this today
A programmer in my office used to spam shutdowns at me with NT4 option pack
But i wrote a work around that spammed the cancel command whenever that came up ><
Just can't find that anywhere now lol
i had this problem and now it doesnt happen after the patch unless i am using aim it seems... at least i think. any ideas??
Killerbyte
Posts: 11 +0
I scanned that a few times, and wile it looks like a doosy, I don't think it is the same problem, or at least all of it. They make no mention of NT Authority shut down. I may have missed it. You can understand why it is important for me to make SURE that the whole of the problem is known and fixed. Otherwise I will have some real angry customers saying I killed their pc. But this site has the best info so far.
black eyed dog
Posts: 7 +0
My son is having this MSBLAST problem. He thought there was a virus and reformatted and reloaded XP back on, but the same problem occurred. He couldn't instal the firewall or the virus software because the system kepts shutting down. We managed to download the patch and instal it, but when he rebooted, XP took ages to load and when it did, there was no start button. We went into safe mode and managed to delete the registry key, but he can't get the virus software to load on in order to take care of the MSBLAST.EXE file. Can anyone shed any light as to why there was no start key at the bottom?
Any help would be appreciated.
Any help would be appreciated.
black eyed dog
Posts: 7 +0
Oh, and thanks for the help people!!
Killerbyte
Posts: 11 +0
Your link is blown. I will try to just go there.
Help!
i am new to this place and pc's
i tried to download the patch as told by you people . as it was downloading the message cameup again and started to restart my pc.
now it goes in a cycle and would never allow to do anything. it does not even come up to the startup screen. it open some page like starting rom and then windows and then restarts.
i tried to go in safe mode but it lists some files and again restarts in cycle.
help me as to what i have to do???
i am new to this place and pc's
i tried to download the patch as told by you people . as it was downloading the message cameup again and started to restart my pc.
now it goes in a cycle and would never allow to do anything. it does not even come up to the startup screen. it open some page like starting rom and then windows and then restarts.
i tried to go in safe mode but it lists some files and again restarts in cycle.
help me as to what i have to do???
Hi Guys, i got this problem at aboit 9pm tonight.
I've now ran the patch,deleted mcblast,deleted the reg key for mcblast and empted my "C:\Documents and Settings\Spencer\Local Settings\Temp" folder.
I Found my internet is now running at normal speed and i dont get the 60sec shutdown thing.
I've now just tried to install my anti virus software again and its not letting me it says it cant continue and needs restarting..ive tried restarting (installation and pc) but it doesnt work.
i looked in task manager and found i still have about 4 svchost.exe running i end tasked all including one that says network service this caused the 60 sec pop up again..after a reboot i made it so my PC wouldnt reboot with that error...now i can end task svchost prob is tho soon as i end task a cople 2 more pop up..i've just looked again and i now have 3 running
I guessed svchost had something to do with it right from the start cos i usually only have 1 of them running.
Any ideas anyone??? (oh yeah i just nearly cried when my pc's task bar flashed from XP to classic and back again (remminded me of when i was hacked sometime ago)
I'm getting quite scared now!
Thanks for any help and thankyou for all the help so far and thanks to this forum! and its moderators
I've now ran the patch,deleted mcblast,deleted the reg key for mcblast and empted my "C:\Documents and Settings\Spencer\Local Settings\Temp" folder.
I Found my internet is now running at normal speed and i dont get the 60sec shutdown thing.
I've now just tried to install my anti virus software again and its not letting me it says it cant continue and needs restarting..ive tried restarting (installation and pc) but it doesnt work.
i looked in task manager and found i still have about 4 svchost.exe running i end tasked all including one that says network service this caused the 60 sec pop up again..after a reboot i made it so my PC wouldnt reboot with that error...now i can end task svchost prob is tho soon as i end task a cople 2 more pop up..i've just looked again and i now have 3 running
I guessed svchost had something to do with it right from the start cos i usually only have 1 of them running.
Any ideas anyone??? (oh yeah i just nearly cried when my pc's task bar flashed from XP to classic and back again (remminded me of when i was hacked sometime ago)
I'm getting quite scared now!
Thanks for any help and thankyou for all the help so far and thanks to this forum! and its moderators
Killerbyte
Posts: 11 +0
ACH!!!! It did not explain anything about NT Authority.
black eyed dog
Posts: 7 +0
Web Worm Attacks Windows, Spreads Fast-Experts
Mon August 11, 2003 07:23 PM ET
SAN FRANCISCO (Reuters) - An Internet worm that takes advantage of a recently discovered, widespread security hole in Microsoft Corp.'s MSFT.O Windows software emerged around the United States on Monday, crashing systems and spreading to vulnerable computers, security experts said.
The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a vulnerability in the Distributed Component Object service that is hosted by a Remote Procedure Call feature in Windows 2000 and Windows XP.
Once it gets onto a vulnerable computer, the program downloads code from a previously infected machine that enables it to propagate itself. Then, it scans the Internet for other vulnerable machines and attacks them, said Johannes Ullrich, chief technology officer at the Internet Storm Center at the SANS Institute.
In some cases, the worm crashes the victim machine, but does not infect it, he said.
It is spreading rapidly and has infected several thousand machines, Ullrich said.
The worm also appears to instruct the computer to launch a distributed denial of service (DDOS) attack on August 16 against a Microsoft Web site, he added. In a DDOS attack, a Web site is temporarily paralyzed after receiving requests from numerous multiple computers.
"It's dangerous from the perspective that it can consume a lot of bandwidth," said Russ Cooper of TruSecure Corp. "Every compromised machine is constantly attacking."
The worm contains code that includes a phrase: "Billy Gates why do you make this possible? Stop making money and fix your software," according to SANS.
Anti-virus provider Network Associates rated it a medium risk for consumers and corporate computer users, while rival Symantec Corp. rated it a high risk for distribution and a low risk for damage.
Security professionals have been expecting such a worm since last month.
Mon August 11, 2003 07:23 PM ET
SAN FRANCISCO (Reuters) - An Internet worm that takes advantage of a recently discovered, widespread security hole in Microsoft Corp.'s MSFT.O Windows software emerged around the United States on Monday, crashing systems and spreading to vulnerable computers, security experts said.
The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a vulnerability in the Distributed Component Object service that is hosted by a Remote Procedure Call feature in Windows 2000 and Windows XP.
Once it gets onto a vulnerable computer, the program downloads code from a previously infected machine that enables it to propagate itself. Then, it scans the Internet for other vulnerable machines and attacks them, said Johannes Ullrich, chief technology officer at the Internet Storm Center at the SANS Institute.
In some cases, the worm crashes the victim machine, but does not infect it, he said.
It is spreading rapidly and has infected several thousand machines, Ullrich said.
The worm also appears to instruct the computer to launch a distributed denial of service (DDOS) attack on August 16 against a Microsoft Web site, he added. In a DDOS attack, a Web site is temporarily paralyzed after receiving requests from numerous multiple computers.
"It's dangerous from the perspective that it can consume a lot of bandwidth," said Russ Cooper of TruSecure Corp. "Every compromised machine is constantly attacking."
The worm contains code that includes a phrase: "Billy Gates why do you make this possible? Stop making money and fix your software," according to SANS.
Anti-virus provider Network Associates rated it a medium risk for consumers and corporate computer users, while rival Symantec Corp. rated it a high risk for distribution and a low risk for damage.
Security professionals have been expecting such a worm since last month.
suger and spice
Posts: 8 +0
Well I've read the Reuters post and it looks like MSBLAST is quite likely to be the culprit. As I said in one of my previouse posts I noticed that msblast was making around 10 outgoing connections to ip addresses that were changing every second.
Now I dont know if Killerbytes problem is the same, I could reboot my machine fine but as soon as i went online thats when i would get the reboot by NT AUthority. I would check these machines to see if they have msblast or one of its varients.
Now I dont know if Killerbytes problem is the same, I could reboot my machine fine but as soon as i went online thats when i would get the reboot by NT AUthority. I would check these machines to see if they have msblast or one of its varients.
- Status
Similar threads
Latest posts
-
10 Things We Hate About Nvidia- Beerfloat replied
-
Apple cans knockoff Game Boy app as emulators suffer first App Store casualty- Squid Surprise replied