NT AUTHORITY shutting down my PC

Running a Restoration does not cure the problem, as it does not delete files. It only restores system settings. Then you say, ok, it restores system settings, great right? No. Since it doesn't delete files, that MSBLAST file will still be there when you reboot - which then screws with your settings all over again. You can do system restore for the next 365 days with no results.
 
someone said that it might just get re d/l everytime you start up - i dont see why itd matter if you were on Cable/DSL/Dial-UP, whatever.......

theyd all have to connect at some point.......my comp hasnt d/l anything that i have already removed from the system (i keep checking the files i posted earlier to see if they reappear on my comp or in my registry - nothing so far. thankfully.
 
OK ANOTHER QUESTION......
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\

what is this? What are the folders in it? I have 5001, 5603, 5604 and they list all the files ive been searching for.......or so it seems, unless it means something else.......which im hoping it doesnt. :confused:
 
I have been communicating with my work laptop, powered by dial up 56k. The computer that has the problems is my home system powered by cable modem. The laptop did have the svchost error earlier and our tech department mentioned a virus, however, it has not resulted in any NT shut down errors up to this point.

The only problem seems to be with my computer ran by cable modem.
 
Hello!

I work for a certain anti-virus company in particular, and want to let you know that we were aware of the virus very early this morning. Symantec DOES have beta virus definitions available, but remember, they are BETA:

http://securityresponse.symantec.com/avcenter/beta.download.html

Symantec should be releasing a tool sometime tonight probably. For the mean time, here is what I recommend:

1. Obtain the Microsoft Patch from their web site below:

http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

There are a lot of different ways to obtain this patch. My favorite way is to boot into "Safe mode with Networking". This prevents the virus from loading, but gives you internet access. For some, you can fit the patch on a floppy disk.

2. Download Symantecs Beta definitions. The catch here is that you have to be running Norton Anti-Virus for this to work.

3. Boot into safe mode and install the patch. The MSI should not need to be loaded to install this patch, but if it does, try installing the patch from normal mode.
4. Install the Beta Defs.
5. Run a FSS with NAV.

Your Done...
More info as it becomes available...
 
the virus can search 20 I.P addresses a second or somthing once it finds a vunerable one ( us suckers ) it some how gets itself in and constantly downloads the virus or watever it is so if ure on cable or dsl it downloads it much faster than if ure on 56k so u get it popin up quicker once its in ure computer another ''copy'' of its self finds another this is why its spreading so fast
 
My Norton Antivirus Live Update sent me virus deffinitions bout 30 minz ago ........ ill tell you if it has found anything ....... cya :)
 
Okay, this may be a stupid question, but is having a local loop normal? I currently am sitting in safe mode /w networking support.. I noticed this before in normal mode, but with different port numbers.
The following is extracted from netstat:

Code: 
 TCP    alondria:1025          localhost:1026         ESTABLISHED
 TCP    alondria:1026          localhost:1025         ESTABLISHED
 
Originally posted by Will
Hello!

I work for a certain anti-virus company in particular, and want to let you know that we were aware of the virus very early this morning. Symantec DOES have beta virus definitions available, but remember, they are BETA:

http://securityresponse.symantec.com/avcenter/beta.download.html

Symantec should be releasing a tool sometime tonight probably. For the mean time, here is what I recommend:

1. Obtain the Microsoft Patch from their web site below:

http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

There are a lot of different ways to obtain this patch. My favorite way is to boot into "Safe mode with Networking". This prevents the virus from loading, but gives you internet access. For some, you can fit the patch on a floppy disk.

2. Download Symantecs Beta definitions. The catch here is that you have to be running Norton Anti-Virus for this to work.

3. Boot into safe mode and install the patch. The MSI should not need to be loaded to install this patch, but if it does, try installing the patch from normal mode.
4. Install the Beta Defs.
5. Run a FSS with NAV.

Your Done...
More info as it becomes available...
Click to expand...
Hey Will. Seeing as though you work for the foremention un-named then named AV, maybe you can help here. Is the msblast directly related to NT Authority prob. And does getting rid of on fix the other. And what are the total ramnifications of this all. Sorry, but your deffinitions site sucks when it comes to the details of cosiquences! No burn, straight skinny.
 
From

http://pcworld.idg.com.au/index.php?id=284749605&fp=2&fpid=1

"The most troubling aspect of Buster is that as well as propagating itself, the worm installs a "back door" program on infected systems and reports back to an Internet relay chat server that the system has been compromised, Adams said. A malicious hacker could use that information to identify a compromised system and then attempt to delete or access data stored on it, he said."
 
WELP microsoft decided theyd tell me that my serial # is invalid.......so there went my chance of d/l SP1.....

FIGURES!!!!!!!! im now ruined......
 
if I were reformatting XP I would disconnect my phoneline or cable from the computer since during the installation phase XP opens a connection to the net to check for updated installation instructions. this may be where many who have reformatted are getting infected again even before the installation is finished.
 
iv just realised that the bandwith for all the files in kazaa has droped alot even the gold files that are supposed to always be at somthing around 364 has droped to 215......hmmmmm
 
Haha...Well I can't say much, otherwise I would be taking business away from the un-named then named AV company. I am not going to get real technical because I am not getting paid for this, I am just trying to help out. Symantec is the world leader in AV protection. They now have full protection against this threat only 6 hours after its discovery. You can download Final Release definitions now from the Symantec Web site which will detect and remove this threat from safe mode. For more information, I highly recommend visiting:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

This will explain everything you need and want to know about the virus, including msboost.exe, and why formatting the hard drive doesn't fix anything.

Also the newest definitions, which are NO LONGER BETA, can be obtained at the following address:

http://securityresponse.symantec.com/avcenter/download.html

Thanks...
Will
 
Originally posted by b2bomber81
You know this virus is going to be a particularly bad problem with people that have DSL or Cable connections. Especially for those of you that say you have reformatted your hard drive, yet the MSBLAST file is still there... I'd be interested in knowing how many of you that have experienced this reformat problem, have DSL or Cable internet connections - you are probably redownloading the infected file as soon as you get the system reloaded and reconnected to the internet.
Click to expand...
Now wait a minute, we dont' get much traffic, then we get 40,000+ views on this thread by the time I post this, its hard to moderate the bull that flows through here with that amount of traffic. This NT athourity issue WILL NOT SURVIVE A FORMAT, wow, hopefully nobody tossed their PC into the bonfire on that issue or bought a new one or somethign. Sometimes you really have to step back and think about how logical something is before you dive head first into it.
 
Ok, I read the first 7 pages or so, and after all the long big confusing words I got confused.

I know more about the computer than the average joe, but most of these guys know 10 times as much as I do.

My mom started getting the NT Authority Error last night, saying something about RPC terminated unexpecdtly.

After experminting some, I found that it only shuts down when Im connected to the internet. So I went into my closet and found Norton System Works 2002/ Anti Virus 2002/ Personal Firewall 2002, and downloaded updates for all three. I had to keep trying to get around the NT Authority deal.

After I installed and scanned it multiple times, I turned on the internet and search for "NT Authority/System" on Google and found this thread. I never found MSblast in my Processes though, just a lot of Svchost.exe

I tried that deal on the third page about going into control panel and that seems to be working as well. When I go to download the patch it tells me Update.inf is missing :-(

I have 5 svchost.exe running as well, 3 system, one Local Service, and one Network Service.

Svchost.exe system - 3,096 k
Svchost.exe system - 3,928 k
Svchost.exe system - 17,904 k
Svchost.exe Local Service - 3,516 k
Svchost.exe Network Service - 2,352 k

I am running XP Pro, Dead Aim w/ AIM 5.2, Windows Messenger. I do not have MSN Messenger 6.0.

I have Comcast Cable Internet, located in Mesquite, Texas. Anything else you need to know/want to know tell me.

edit: Just tried to install the patch again and I got this error

"Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer."
 
this virus can block u from downloading the patch, although iv never heard of it doing that yet

by the way i'v just seen the news on tv and they are already reporting this virus
 
Originally posted by Will
Haha...Well I can't say much, otherwise I would be taking business away from the un-named then named AV company. I am not going to get real technical because I am not getting paid for this, I am just trying to help out. Symantec is the world leader in AV protection. They now have full protection against this threat only 6 hours after its discovery. You can download Final Release definitions now from the Symantec Web site which will detect and remove this threat from safe mode. For more information, I highly recommend visiting:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

This will explain everything you need and want to know about the virus, including msboost.exe, and why formatting the hard drive doesn't fix anything.

Also the newest definitions, which are NO LONGER BETA, can be obtained at the following address:

http://securityresponse.symantec.com/avcenter/download.html

Thanks...
Will
Click to expand...

Thanks Will. Maybe I am a little thick headed, but I am still not seeing any confirmation that the worm is causing the NT Authority shut down. My consern is that these are 2 different things joined together, if you catch my meaning. Obviously you can not give away the farm, but I have to wonder about this. If you have the time to read through all of this thread, you will see that there is evidence of multiple things at work. This is also what I found in the field on others PC's today. I don't understand why this worm would shut down the pc, when it is trying to propagate.Maybe you can get clearence to clarify this, or get someone who can. Otherwise, I worry about legtimacy here. Anyone can say "I am with the mob", but not every one knows Big Toni. This is not a test, just a plea for more legit info.
 
i recall reading something saying you get the error message and the comp shuts down because it (the virus/hacker/whatever) sends incorrect information which leads to the error........but what do i know, ive been dealing with this damn thing for 2 weeks and im tired.
 
its been happening to me whole day today

every time i connect to the internet and go to google to search for the problem it restarts my comp
i hope this thing fixes the problem
 
HAHA! I think I beat the worm! I ended msblast.exe from the task manager and ran Norton to find the virus. It was able to delete it after that. If that doesn't work, you should be able to delete it yourself. Also, turn on your firewall!!!
 

Similar threads

A
Windows Remote Desktop Protocol contains a login backdoor Microsoft refuses to fix
2
Replies
37
Views
384
Raytrace3D
Raytrace3D
A
Microsoft's latest Windows security update creates an empty folder you should not delete
Replies
17
Views
204
brunocasarini
brunocasarini
A
Microsoft brings hot patching to Windows Server, reboot-free updates
Replies
1
Views
58
NumberNine
NumberNine

Latest posts

Back