NT AUTHORITY shutting down my PC

By acidosmosis ยท 344 replies
Aug 2, 2003
  1. b2bomber81

    b2bomber81 TS Rookie Posts: 52

    Running a Restoration does not cure the problem, as it does not delete files. It only restores system settings. Then you say, ok, it restores system settings, great right? No. Since it doesn't delete files, that MSBLAST file will still be there when you reboot - which then screws with your settings all over again. You can do system restore for the next 365 days with no results.
  2. slowEJ6

    slowEJ6 TS Rookie Posts: 21

    someone said that it might just get re d/l everytime you start up - i dont see why itd matter if you were on Cable/DSL/Dial-UP, whatever.......

    theyd all have to connect at some point.......my comp hasnt d/l anything that i have already removed from the system (i keep checking the files i posted earlier to see if they reappear on my comp or in my registry - nothing so far. thankfully.
  3. slowEJ6

    slowEJ6 TS Rookie Posts: 21

    HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\

    what is this? What are the folders in it? I have 5001, 5603, 5604 and they list all the files ive been searching for.......or so it seems, unless it means something else.......which im hoping it doesnt. :confused:
  4. Painter

    Painter TS Rookie

    I have been communicating with my work laptop, powered by dial up 56k. The computer that has the problems is my home system powered by cable modem. The laptop did have the svchost error earlier and our tech department mentioned a virus, however, it has not resulted in any NT shut down errors up to this point.

    The only problem seems to be with my computer ran by cable modem.
  5. Will

    Will TS Rookie


    I work for a certain anti-virus company in particular, and want to let you know that we were aware of the virus very early this morning. Symantec DOES have beta virus definitions available, but remember, they are BETA:


    Symantec should be releasing a tool sometime tonight probably. For the mean time, here is what I recommend:

    1. Obtain the Microsoft Patch from their web site below:


    There are a lot of different ways to obtain this patch. My favorite way is to boot into "Safe mode with Networking". This prevents the virus from loading, but gives you internet access. For some, you can fit the patch on a floppy disk.

    2. Download Symantecs Beta definitions. The catch here is that you have to be running Norton Anti-Virus for this to work.

    3. Boot into safe mode and install the patch. The MSI should not need to be loaded to install this patch, but if it does, try installing the patch from normal mode.
    4. Install the Beta Defs.
    5. Run a FSS with NAV.

    Your Done...
    More info as it becomes available...
  6. Strife121

    Strife121 TS Rookie Posts: 17

    the virus can search 20 I.P addresses a second or somthing once it finds a vunerable one ( us suckers ) it some how gets itself in and constantly downloads the virus or watever it is so if ure on cable or dsl it downloads it much faster than if ure on 56k so u get it popin up quicker once its in ure computer another ''copy'' of its self finds another this is why its spreading so fast
  7. DJB343

    DJB343 TS Rookie

    My Norton Antivirus Live Update sent me virus deffinitions bout 30 minz ago ........ ill tell you if it has found anything ....... cya :)
  8. Solarist

    Solarist TS Rookie

    Okay, this may be a stupid question, but is having a local loop normal? I currently am sitting in safe mode /w networking support.. I noticed this before in normal mode, but with different port numbers.
    The following is extracted from netstat:

     TCP    alondria:1025          localhost:1026         ESTABLISHED
     TCP    alondria:1026          localhost:1025         ESTABLISHED
  9. Killerbyte

    Killerbyte TS Rookie

    Hey Will. Seeing as though you work for the foremention un-named then named AV, maybe you can help here. Is the msblast directly related to NT Authority prob. And does getting rid of on fix the other. And what are the total ramnifications of this all. Sorry, but your deffinitions site sucks when it comes to the details of cosiquences! No burn, straight skinny.
  10. black eyed dog

    black eyed dog TS Rookie



    "The most troubling aspect of Buster is that as well as propagating itself, the worm installs a "back door" program on infected systems and reports back to an Internet relay chat server that the system has been compromised, Adams said. A malicious hacker could use that information to identify a compromised system and then attempt to delete or access data stored on it, he said."
  11. slowEJ6

    slowEJ6 TS Rookie Posts: 21

    WELP microsoft decided theyd tell me that my serial # is invalid.......so there went my chance of d/l SP1.....

    FIGURES!!!!!!!! im now ruined......
  12. iss

    iss TechSpot Chancellor Posts: 1,994

    if I were reformatting XP I would disconnect my phoneline or cable from the computer since during the installation phase XP opens a connection to the net to check for updated installation instructions. this may be where many who have reformatted are getting infected again even before the installation is finished.
  13. Strife121

    Strife121 TS Rookie Posts: 17

    iv just realised that the bandwith for all the files in kazaa has droped alot even the gold files that are supposed to always be at somthing around 364 has droped to 215......hmmmmm
  14. Will

    Will TS Rookie

    Haha...Well I can't say much, otherwise I would be taking business away from the un-named then named AV company. I am not going to get real technical because I am not getting paid for this, I am just trying to help out. Symantec is the world leader in AV protection. They now have full protection against this threat only 6 hours after its discovery. You can download Final Release definitions now from the Symantec Web site which will detect and remove this threat from safe mode. For more information, I highly recommend visiting:


    This will explain everything you need and want to know about the virus, including msboost.exe, and why formatting the hard drive doesn't fix anything.

    Also the newest definitions, which are NO LONGER BETA, can be obtained at the following address:


  15. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,742   +421

    Now wait a minute, we dont' get much traffic, then we get 40,000+ views on this thread by the time I post this, its hard to moderate the bull that flows through here with that amount of traffic. This NT athourity issue WILL NOT SURVIVE A FORMAT, wow, hopefully nobody tossed their PC into the bonfire on that issue or bought a new one or somethign. Sometimes you really have to step back and think about how logical something is before you dive head first into it.
  16. -KurtCobain

    -KurtCobain TS Rookie

    Ok, I read the first 7 pages or so, and after all the long big confusing words I got confused.

    I know more about the computer than the average joe, but most of these guys know 10 times as much as I do.

    My mom started getting the NT Authority Error last night, saying something about RPC terminated unexpecdtly.

    After experminting some, I found that it only shuts down when Im connected to the internet. So I went into my closet and found Norton System Works 2002/ Anti Virus 2002/ Personal Firewall 2002, and downloaded updates for all three. I had to keep trying to get around the NT Authority deal.

    After I installed and scanned it multiple times, I turned on the internet and search for "NT Authority/System" on Google and found this thread. I never found MSblast in my Processes though, just a lot of Svchost.exe

    I tried that deal on the third page about going into control panel and that seems to be working as well. When I go to download the patch it tells me Update.inf is missing :-(

    I have 5 svchost.exe running as well, 3 system, one Local Service, and one Network Service.

    Svchost.exe system - 3,096 k
    Svchost.exe system - 3,928 k
    Svchost.exe system - 17,904 k
    Svchost.exe Local Service - 3,516 k
    Svchost.exe Network Service - 2,352 k

    I am running XP Pro, Dead Aim w/ AIM 5.2, Windows Messenger. I do not have MSN Messenger 6.0.

    I have Comcast Cable Internet, located in Mesquite, Texas. Anything else you need to know/want to know tell me.

    edit: Just tried to install the patch again and I got this error

    "Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer."
  17. Strife121

    Strife121 TS Rookie Posts: 17

    this virus can block u from downloading the patch, although iv never heard of it doing that yet

    by the way i'v just seen the news on tv and they are already reporting this virus
  18. Killerbyte

    Killerbyte TS Rookie

    Thanks Will. Maybe I am a little thick headed, but I am still not seeing any confirmation that the worm is causing the NT Authority shut down. My consern is that these are 2 different things joined together, if you catch my meaning. Obviously you can not give away the farm, but I have to wonder about this. If you have the time to read through all of this thread, you will see that there is evidence of multiple things at work. This is also what I found in the field on others PC's today. I don't understand why this worm would shut down the pc, when it is trying to propagate.Maybe you can get clearence to clarify this, or get someone who can. Otherwise, I worry about legtimacy here. Anyone can say "I am with the mob", but not every one knows Big Toni. This is not a test, just a plea for more legit info.
  19. slowEJ6

    slowEJ6 TS Rookie Posts: 21

    i recall reading something saying you get the error message and the comp shuts down because it (the virus/hacker/whatever) sends incorrect information which leads to the error........but what do i know, ive been dealing with this damn thing for 2 weeks and im tired.
  20. Strife121

    Strife121 TS Rookie Posts: 17

    has any one even downloaded that confusing thing will showed us
  21. hrr4

    hrr4 TS Rookie

    its been happening to me whole day today

    every time i connect to the internet and go to google to search for the problem it restarts my comp
    i hope this thing fixes the problem
  22. Strife121

    Strife121 TS Rookie Posts: 17

    should i end process on blast.exe in my task manager or will it only cause more problems
  23. Strife121

    Strife121 TS Rookie Posts: 17

    any one help????
  24. black eyed dog

    black eyed dog TS Rookie

    The new AVG update seems to have worked for me. The MSblaster.exe is gone and everything seems normal.
  25. EKUcolonel

    EKUcolonel TS Rookie Posts: 23

    HAHA! I think I beat the worm! I ended msblast.exe from the task manager and ran Norton to find the virus. It was able to delete it after that. If that doesn't work, you should be able to delete it yourself. Also, turn on your firewall!!!
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...