NT AUTHORITY shutting down my PC

By acidosmosis · 344 replies
Aug 2, 2003
  1. lil_lars80

    lil_lars80 TS Rookie

    blaster worm

    wow thanks everybody for your help!!:D
    I was able to get the microsoft patch and the symantec tool on disk.:grinthumb
    I will install them tonight and let you know how it goes:)
  2. kewlness

    kewlness TS Rookie

    AH HAH....I finally found the msblast file!

    Try not to laugh too hard @ me...'duh'...

    Thought I was losing my mind trying to find the file so I checked my AntiVirus virus list to be sure I was now protected. Yep, I'm protected for this worm. Then it hit me....check the quarantined folder....and it was there! I was very happy to finally be able to delete it!!!

    Thanks again for all the info here!!!
  3. BeccaL

    BeccaL TS Rookie

    I downloaded the patch I was hit the first time (a friend of mine suggested I come here and do so) but it won't install because there's something wrong within the system. I get messages saying it can't be installed because a device in the system is not functioning.

    I have a fairly old and crappy computer, I know, but is there any way to fix this so I can install the patch and keep the worm from hitting me again?

    The messages I got when I tried to install it are as follows:

    The Q823980I.EXE file is linked to missing export KERNEL32.DLL:InitializeCriticalSectionAndSpinCount

    A device attached to the system is not functioning

    I would appreciate any and all help and assistance anybody can give me regarding this matter.

    Thank you
  4. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +8

    Tricky, but it sounds like you are applying the wrong patch. What OS do you have, and which patch did you download?

    If you have indeed downloaded the correct patch, and are getting that message, fixing it will probably be trickier than patching this worm problem - you might be better off with a clean install if you think it's that bad!
  5. BeccaL

    BeccaL TS Rookie

    Honestly? I don't have a clue. LOL. I know next to nothing about computers. I probably downloaded the wrong patch, but there wasn't one that went with the versions of IE and Netscape that I use (my computer is old and doesn't run the newer versions very well so I don't use them).

    In an attempt to answer the questions...I use IE 5 and Netscape Communicator 4.7. Yes really. I downloaded the patch that said Netscape NT 4 or something along those lines.

    So...did I screw up or is it really something wrong with my computer? LOL.
  6. theBaptist

    theBaptist TS Rookie

    BeccaL u DID download the wrong patch - NT is an operating system and has nothing to do with Netscape.

    since you mentioned an old and crappy pc i really very much doubt u r running XP Home / Pro / 2000 or NT at all. in all probability u r still running Win95 or Win98.

    what i would really like to ask though is did you NEED the patch ?? were u infected by this worm ?? in all probability you were not and were just being cautious and decided to install it anyway.

    if you are running Win95 / 98 you do not need to bother about this worm - my advice is to have the latest Windows Updates and don't fret too much about msblast.exe :)

    btw it was thanks to this forum that i cleared it up - great site ;)
  7. Shawn Badyk

    Shawn Badyk TS Rookie

    Can't Download Patch!!!!!!!!!!!!!!!!!!!!!!!

    I have Windows XP home edition 32 bit & I have downloaded this patch over 40 times now, but when I accept the terms of agreement & click Next, the wizard just closes, this has happened every time I have used it. Why is the wizard closing down? I am doing nothing wrong, I am not downloading the wrong patch. What can I do, & is my computer totally '**£&£&£ed'?

    please don't swear! - phantasm66...
  8. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +8

  9. maverick305

    maverick305 TS Rookie

    When I first encountered the worm on my pc I thought it had to do with some new drivers I had recently installed for my MoBo. So I did nothing about it and when my new HD arrived in the mail yesterday I installed a fresh XP with just my core drivers and my internet connection. I was online all of 5 mins and the NT shutdown message came up again.

    So I started thinking it might be faulty hardware to blame. Needless to say I was mad as hell. Well long story short I caught a news story while at work and it described everything I was going through. I headed to Norton.com and DL'ed the FixBlaster and Patch and no problems since.

    I never thought virus or worm because the warning, though I had never seen anything like it, seemed too professional.

    I find it strange how the Worm jumped onto my brand new unused 80 gig drive.

    This forum has been a great Help! Thx to everyone. I thought it was just my problem at first.
  10. BeccaL

    BeccaL TS Rookie

    Thanks for the info. I am using Windows 95, but I do know that something did happen last night. I'm not entirely sure if I was actually infected...in the middle of something my entire screen went white and then this warning thing came up that said I should click on it to download the disinfect/fix. Of course I wasn't about to pay $39.95 US for it so I didn't download that fix. The warning also told me my computer was going to be shutting down in however many seconds it was, but I let it run out and it didn't really shut down my computer, it just started flashing that my computer was at a high risk and that I should disinfect it immediately. I pressed control-alt-delete a few times but it wouldn't restart or shut down my computer so then I just pressed the power button, waited a few seconds and turned it back on. I ran scan disk when it prompted me to because Windows wasn't shut down properly, and it found a couple of errors that were easily enough fixed and nothing out of the ordinary has happened since (knock on wood).

    I have no real anti-virus program (aside from whatever helped me last night, LOL) and neither my A-drive or my CD-rom drive work so anything I try to get will have to be downloadable from online, so I really don't know what to do about that. I want to put Norton or something on, but I don't know how their trialware works, exactly. I mean if I download it, use it and then delete it before the 15 days are up, do I still have to pay for the download?

    Again, thanks for the help. It's nice that people who know more than I do don't think I'm a complete dingbat for not knowing some stuff. :)
  11. waiyeh

    waiyeh TS Rookie Posts: 19

    all sorted now thanks to all,
    i was up till 8 in the morning to get this done.
    this is what i have to do to get rid of problems and update,

    i go to administration tools - services - rpc - recovery and select all 3 boxes to "take no action"
    this will enable you to get online to download without being shut down,

    download the norton fixit tool to your desktop:

    download the windows xp 32bit update patch, save this to desktop: http://download.microsoft.com/downl...e-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe

    now go into control panel-systems-system restore and then turn off system restore on all drives.

    then double click the norton fixit tool and start, let it find any virus and repair your files.
    when it's finished and it asks if you want to download patch from the web click no and exit.

    empty recycle bin

    restart computer into safe mode

    once there you can install the windows xp 32bit updated patch.
    this patch will only let me install in safe mode.

    once patch installed restart computer normally

    now you will need to download any windows update for your computer to keep it up to date for any future glitches.

    hope this will help anyone out there having problems still
  12. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    This NT authority exploit doesn't affect Win95.
    Probably just an app trying to take advantage of people who don't know what's really going on. Install and/or upgrade your antivirus software. Actually, it might not even be an app, just an ActiveX script (they can shut down Windows if IE security settings are low enough).
  13. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +8

    I've read that the worm does a denial of service attack against windowsupdate.com, to stop you from patching. Thanks very much for posting your notes.
  14. lil_lars80

    lil_lars80 TS Rookie


    well I think it worked, will know for sure if it doesn't try to shut me down anymore.
    I just wanted to thank everyone for all your help and support:grinthumb
    I couldn't have done it without you:blush:
  15. LNCPapa

    LNCPapa TS Special Forces Posts: 4,276   +461

  16. Cormega

    Cormega TS Rookie

    Okay, why aren't the virus/worm writers in Gitmo?

    Our much-vaunted Homeland Security team is busy peeking up skirts and down phone lines to spy on John Q. Citizen, but as we saw with the collapse of the Northeast Power Grid yesterday, the HS kiddies have totally missed protecting America's core infrastructure from problems. And, so it hardly comes as a surprise that they have turned an equally blind eye to the writers and creators of the numerous computer viruses and worms that plague all computer users.

    In the case of MSBlast, the computers at Edwards Air Force Base have been shut down, the Maryland Department of Motor Vehicles was off line for a day, one of the Federal Reserve branches had to shut down for a while, and half the computers here at the University of Hawaii are compromised. There may be more damage yet unreported. Some technical experts even suggest that yesterday's blackout was caused by the worm. Certainly hospitals are not immune to such computer pranks, and it is only a matter of time before lives dependent on medical computer systems are at risk.

    At present, more than 240,000 computers are known to have been compromised by MSBlast. Times to fix the problem can run from 24 hours for personal computers to as long as a week for complex networked systems. Multiply the number of infected systems times the number of hours spent dealing with the problem times the cost-per-hour of staff tied up with removing the virus, times the thousands of known viruses, and the cost to the nation in direct expense and lost productivity quickly runs into billions of dollars! Even when a computer is not infected with a virus, the anti-virus, mail scanning, and firewall systems add to the cost of a computer operation, while using up processor and memory resources. In many cases, software that protects the computer from malicious users can interfere with the software the computer was actually purchased to run. This is the case in my company, where one of the anti-virus systems causes conflicts with a 3D animation package.

    Those who enjoy writing and releasing viruses continue to do so because nothing is rarely done about them. As busy as the FBI and Homeland Security are tracking down Arab Muslims who might have been on the same bus with someone who might be related to someone who might have once said hello to someone who might be a terrorist, the FBI and Homeland Security give a collective shrug of the shoulders when it comes to trying to hunt down the authors of Code Red, MSBlast, and the newest threats, Kuskus, Greybird, and Beasty. From personal experience, I know that even when the identity of a cyber-attacker is provided to the FBI, interest in investigation is virtually nonexistent.

    But the bottom line is that if Homeland Security and the FBI are really supposedly protecting Americans with these extraordinary measures, then why aren't we seeing these extraordinary measures brought to bear on those who are really damaging our workplace and home in ways we directly experience, the creators of viruses and worms? The same FBI willing to drain an entire pond in a futile hunt to link Dr. Hatfill to the Anthrax case ought to expend a similar effort to track down and arrest the authors of the MSBlast worm. But they don't. Why? Is a few billion dollars wasted cash out of the pockets of America's computer users just not "sexy" enough? After all the effort to get NSA-KEY into our computers and ECHELON into our phone lines, is the same FBI that claims to have identified the 9-11 hijackers even after there were no more physical remains going to pretend that they can be totally bamboozled by a pimply-faced kid with a laptop?

    Maybe we need to stop worrying so much about Arab Muslims and start filling camp X-ray with the home-grown terrorists who think trashing every computer on the internet is good fun. Most of those people in Gitmo haven't actually done anything to harm the United States. The virus/worm writers have cost us billions. Isn't it time that the people who claimed to be so concerned about the American way of life walked their talk, and focused their efforts on those culprits who demonstrably wreck the tools with which we earn our livings?

    America is struggling to remain competitive with the rest of the global economy. Attacks upon our computer systems used in our businesses are obviously a direct threat to that ability to compete, and hence are an attack upon the nation itself. It is time to treat them as such.
  17. maverick305

    maverick305 TS Rookie

    Cormega Stop your whining. Some things just can't be stopped. Only way to stop something like the worm is to put a tap on everything everyone does on their PC. As soon as the government puts a tap on your PC you'll start crying a river about that too.
  18. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,742   +421

  19. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +8

    There certainly is something in the case that one of the main choices in the 21st Century is "How many of our personal freedoms are we willing to give up in order to get more security?"

    Cormega, I could go on a similar rant about child abuse, or drug pushing. The world is full of problems and society is dealing with them the best way it can.
  20. SaTaNzBish

    SaTaNzBish TS Rookie

    Found an easy way to get rid of Ms Blaster

    If your computer becomes infected and gets shut down, you will need to follow these steps (you may want to print them for future reference):

    • Unplug modem.
    • Restart computer.
    • Go to Start / Search / For Files and Folders.
    • Confirm that Look in is set for C: drive.
    • Search for files and folders named: "MSBLAST.exe"
    • When computer finds the msblast file(s), right click on the file names and delete all copies of the file.
    • Shut down the machine.
    • Plug the modem back in.
    • Restart the machine.
    • Go directly to one of the web sites above and install the patch and/or update

  22. Cormega

    Cormega TS Rookie

    Are they?
  23. Shemyaza

    Shemyaza TS Rookie

    Cormega.......it's probably not a case of no one being interested in your posting, just that perhaps it's not the most appropriate thread for it to be on?

    Everyone on the thread has been threatened by this particular attack by MSBLAST, either directly or through someone they know. We all just wanted to get it fixed and I know for a fact that my son's computer wouldn't have been fixed as quickly had it not been for the great advice and suggestions given by those on this thread. My sincere thanks to all the people who put their 'thinking caps' on for this one.

    Homeland security appertaining to computers and/or the internet or the lack thereof, perhaps should be a matter for a separate thread entirely all on its own.

    Just a suggestion from another newbie.

    ;) :cool:
  24. Cormega

    Cormega TS Rookie

    It's all good Shemyaza
    Didn't mean to cause a stir, but it was the thread that inspired me to post, just hate when people have to reply rudely, it's like Mom used to say, "If you don't have something nice to say, then say nothing".
  25. kewlness

    kewlness TS Rookie


    Hypocrisy at its best, eh Cormega?

    Perhaps a bit of Saint Agur with your Cabernet d'Anjou...
Topic Status:
Not open for further replies.
