NT AUTHORITY shutting down my PC
- Thread starter acidosmosis
- Start date
- Status
black eyed dog
Posts: 7 +0
...and make sure you download the patch first!
black eyed dog
Posts: 7 +0
"was it easy to install"
What the AVG update?
If so, yeah. Save the file into the AVG subdirectory "updates", then run AVG and it does it automatically
Dog
What the AVG update?
If so, yeah. Save the file into the AVG subdirectory "updates", then run AVG and it does it automatically
Dog
EKUcolonel
Posts: 22 +0
Here was my process:
1) I stopped my system from shutting itself down by going to START, CONTROL PANEL, ADMINISTRATIVE TOOLS, COMPONENT SERVICES. Then I selected Services (local) from the left hand window. I found Remote Procedure Call (RPC) from the right hand window, right click, porperties. From the RECOVERY tab I then set it changed the settings so it wouldn't restart everytime.
2) Go to the site Microsoft has created for the patch: http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
From there I dled the 32 bit XP patch.
3) I restarted my system.
4) I went to my task manager and stopped MSblaster.exe
5) I started my Norton Program and dled the latest updates. It deleted it for me.
6) I searched for any reminates and found another file with MSBlaster.exe in it. I deleted it.
7) I restart my computer.
1) I stopped my system from shutting itself down by going to START, CONTROL PANEL, ADMINISTRATIVE TOOLS, COMPONENT SERVICES. Then I selected Services (local) from the left hand window. I found Remote Procedure Call (RPC) from the right hand window, right click, porperties. From the RECOVERY tab I then set it changed the settings so it wouldn't restart everytime.
2) Go to the site Microsoft has created for the patch: http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
From there I dled the 32 bit XP patch.
3) I restarted my system.
4) I went to my task manager and stopped MSblaster.exe
5) I started my Norton Program and dled the latest updates. It deleted it for me.
6) I searched for any reminates and found another file with MSBlaster.exe in it. I deleted it.
7) I restart my computer.
EKUcolonel
Posts: 22 +0
I hope the word gets out quick about this. I have already seen some sites like Yahoo! posting warning, but yet to see it on the news. It's not too hard to stop the worm if people have about 30 minutes to spare. I just wish people wouldn't do this s*** b/c they are bored or don't like Bill Gates.
Are we talkign about two different things here? I dont have a vius infection on my pc but I do have that NT AUTHORITY restarting my pc all the time. I did get it fixed so it dont restart now by using that control panel. About a week ago I did try to install a router and did not finish it yet. I think I seen Killer say somethign about networking and then getting the NT AUTHORITY message. The NT AUTHORITY seems like a MS security issue of some kind and not a virus. Acidosmosis who is the first poster of this thread says something just like what Im getting. Has anyone downloaded and installed that patch and has it working for them. Im not looking forword to formatting and then having the same trouble again. If this is even dupable.
Last but not least I did find this thread via google.
Last but not least I did find this thread via google.
b2bomber81
Posts: 51 +0
Zarhol, update your virus definitions. Norton Anti-Virus now has the fix to find and remove this new virus - you just need to update your program.
Looks like everyone is starting to gain the upper hand on this one. Did we outsmart 'em?
Looks like everyone is starting to gain the upper hand on this one. Did we outsmart 'em?
Hey, have we figured out about the multiple instances of svhost.exe? I've got 4 running, I did have 1 NT AUTHORITY incident, but msblaster.exe is no where to be found on my computer.
iss
Posts: 1,994 +1
symantec has released a tool to remove the blaster worm you can download it here the instructions on how to usee the tool are on the same page.
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
i ran FixBlast.......it didnt find anything - so I guess all the crap I deleted got rid of it.......i disabled System Restore - im not allowing that crap back up again.......save me some space.
i can now go to the gym in peace.
if this does turn out to be the solve-all......id like to thank everyone that added to this thread to help solve the problem and id like to thank google for linking to this thread for me to find.
thanks everyone!
now if i come back home and theres more problems to be had......im going to be pissed.
thanks again! :thumbup:
i can now go to the gym in peace.
if this does turn out to be the solve-all......id like to thank everyone that added to this thread to help solve the problem and id like to thank google for linking to this thread for me to find.
thanks everyone!
now if i come back home and theres more problems to be had......im going to be pissed.
thanks again! :thumbup:
suger and spice
Posts: 8 +0
The update from avg finds the worm lovsan but cant remove it. Im nmow trying the msblast remover from symantec.
Im using kerio firewall which allowed me to create rules preventing anyone connecting to msblast from any ip address and also stopping msblast from connecting out and redownlowding itself.
Im using kerio firewall which allowed me to create rules preventing anyone connecting to msblast from any ip address and also stopping msblast from connecting out and redownlowding itself.
suger and spice
Posts: 8 +0
OK i think this sucker is toast.
Ive rerun avg it found the virus and has deleted it, i have also run the symantec removal tool in safe mode which gave me the all clear. One thing though which i'm not sure about is when i do a search for msblast using windows search facility it still finds this file MSBLAST.EXE-09FF84F2.pf in the windows prefetch fowlder. I dont know what this prefetch file does, anyone know if this should be deleted manually?
Ive rerun avg it found the virus and has deleted it, i have also run the symantec removal tool in safe mode which gave me the all clear. One thing though which i'm not sure about is when i do a search for msblast using windows search facility it still finds this file MSBLAST.EXE-09FF84F2.pf in the windows prefetch fowlder. I dont know what this prefetch file does, anyone know if this should be deleted manually?
Hi Everyone, im new here,
But i was having problems with that and was starting to get seriously pissed off last night as it happened every few minutes after my computer restarted, it happened this morning aswell, but thatnk you for the information provided by the admin and i downloaded the bits i needed, and i am still waiting to see what happens.
But i was having problems with that and was starting to get seriously pissed off last night as it happened every few minutes after my computer restarted, it happened this morning aswell, but thatnk you for the information provided by the admin and i downloaded the bits i needed, and i am still waiting to see what happens.
iss
Posts: 1,994 +1
while it wont help anyone allready infected with blaster there are some programs that are great aids in stopping problems like blaster created. they work by starting with windows and monitoring processes running in the background.
the first is win patrol. it sits in the system tray and uses very little resources when windows starts or any time while it is runnig if ANY NEW process tries to start winpatrol will alert you with a pop up asking you if you want this process to run and you have the option of preventing it from doing so.
there are two versions one is freeware. the other cost 12.95 the shareware version gives you access to a online database which will identify any process after you click on it and then click "plus"
http://www.winpatrol.com/
the other is WinSonar also freeware and does basically the same thing.
http://digilander.libero.it/zancart/
the first is win patrol. it sits in the system tray and uses very little resources when windows starts or any time while it is runnig if ANY NEW process tries to start winpatrol will alert you with a pop up asking you if you want this process to run and you have the option of preventing it from doing so.
there are two versions one is freeware. the other cost 12.95 the shareware version gives you access to a online database which will identify any process after you click on it and then click "plus"
http://www.winpatrol.com/
the other is WinSonar also freeware and does basically the same thing.
http://digilander.libero.it/zancart/
This board is a sanity saver !!! Thanks so much I had the NT Authority/System shutdown my pc at least 100 times and it would happen so fast that I couldn't even try to figure out what was going on .... Evidently it missed me loggin in or something long enough for me to search the subject and I was able to find this board... Praise the lord!!! I was just before a system recovery cd which would have caused me to lose everything... Now someone said this isn't quite a virus yet and the patch seems to have helped so far but... if it is related to irc clients which I do use irc often will the patch keep it from happening again or what can be done to prevent it from happening again or what can be done to fix any damage done to my pc already? Or am I even asking anything that makes sense... (this pc has really drove me nuts over the last 24 hours... and I just really want to make sure it doesn't happen again) Thanks in advance for and info
Shana
Shana
WOW seems i may have posted prematurely... I too have msblast.exe on my windowsxp home edition ... I don't use msn messenger but i do use yahoo and invision for the irc chat and i also have or had rather (because it was my first thought of being the culprit) kazaa installed on my pc. I updated my norton virus list and am now doing a virus scan to see what i can find... This is a great site... nt authority/system was a bad thing to have to go thru to find it but i'm glad i found this board anyway
Shana
Shana
Friend of mine just found this:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
i have been having the problem since last night.my computor was shutting down every time i went on to the net or open my emails.
when off line i had no problems,now that i have manage to down load the patch every thing seems ok.could it be possible that the
attacks start from an email that has been sent.just a thought
regards othg_chris774
when off line i had no problems,now that i have manage to down load the patch every thing seems ok.could it be possible that the
attacks start from an email that has been sent.just a thought
regards othg_chris774
- Status
Similar threads
Latest posts
-
Is there any way to get back my Flash drive data? Free of cost- miahenry replied
-
US TikTok ban could begin next year as Biden signs law, but legal battle looms- Daniel Sims replied
