Is this a virus?

  1. #1
    Junior Member
    Join Date
    Mar 2004
    Posts
    6

    Is this a virus?

    Whenever I get connected to the net, after a few minutes my operating system gets restarted automatically. I am using Win-XP (Professional). Is this some kind of virus? Please help me out of this problem.

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Yes, there are some that do that.........

    Please search for "Trend Microsystems" and run their online scanner

    This may well solve your immediate problem.....................then come back with your report, as your system obviously needs some hardening.........you cannot do that until you have disposed of the malware

    Good luck

    EDIT: My sincere apologies for my bad manners.............welcome to AO..........I only just noticed that it was your first post
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    He may just have one of the MSBLASTER variants or family friends... He will have to be very tolerant if he is to use that machine on the net..

    Recommend a friend with a clean machine go to Misrocoft and download the removal tool and patch from there OR the removal tool from one of the AV companies .. then the patch from misrocoft.. whichever works..

    Make sure you have a firewall running.. even the Windoze firewall will do for a start

    And in the meantime check if you have a process running like.. msblast, laugh.....

    Oh and Welcome.. to A O


    Cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    You are right there Undies

    He is on XP Pro, so should boot to network support.........that should let him into the net safely?

    Also get the February 2000 Microsoft Windows Update CD..........lets you do all the security updates without being online

    Cheers

  5. #5
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    Does this really happen only when you access the Internet, or maybe during a game or while using a lot of resources out of the computer? What browser are you using? You could also have a corrupted browser which might cause the PC to restart. If you have the msBlaster worm...here are the steps to remove it. It has also been mentioned in many tutorials and threads here in AO:

    STEP 1: Physically Disconnect from the Internet
    This simple step will stop the error from recurring. Shutdown your computer. While the system is shut down, disconnect any network cable (such as local network, cable modem, DSL, broadband) from the back of the system. Turn on your computer. If using a dial-up (i.e., modem) connection, do not connect to the Internet.
    STEP 2: Disable RPC Notification
    To disable RPC Notification for your computer, follow the steps below:
    Click the Start button, and then click Run.
    In the Open box, type: Services.msc
    Click the OK button. In the list of services scroll halfway to the bottom and double-click the first Remote Procedure entry.
    Click the Recovery tab.
    For all the failure dropdowns, click to select Take No Action.
    Click the OK button to apply the changes.
    Exit the services window by clicking the X in the upper right corner of the window.
    NOTE: The RPC Service Notification can be re-enabled after the recommended patches are installed to test for this vulnerability. This step does not remove the virus nor patch the system.

    STEP 3: Download Removal Tool and Microsoft Critical Update
    Reconnect to the Internet
    You will need to reconnect to the Internet to download the files listed below.
    NOTE: Both the removal tool and patch downloads should be installed after you have disconnected your system from the Internet a second time.
    Free stand-alone virus/worm removal programs are available from Anti-Virus software providers such as Sophos, Symantec and McAfee. Click one of the links listed below and save it to your Windows Desktop:

    Sophos: http://www.sophos.com/misc/blastsfx.exe
    McAfee: http://download.nai.com/products/mca...rt/stinger.exe
    Symantec: http://securityresponse.symantec.com...r/fixblast.exe

    After either of these programs is downloaded, it is necessary to download the Critical Update as outlined below.
    Download the Critical Update from Microsoft®
    Click the file for your OS listed below and save it to your Windows Desktop:

    For Microsoft® Windows® XP: WindowsXP-KB823980-x86-ENU.exe
    For Microsoft® Windows® 2000: Windows2000-KB823980-x86-ENU.exe

    After both updates have been downloaded, repeat the steps outlined in Physically Disconnect from the Internet above: Disconnect any network cable (such as local network, cable modem, DSL, broadband) from the back of the system. If using a dial-up (modem) connection, do not connect to the Internet.

    Once disconnected, you are ready to install the downloaded files.

    STEP 4: Install Removal Tools and Critical Update
    The final steps in this process involve removing the virus and then patching the system to prevent this specific threat.
    Disable System Restore
    Before removing the virus, System Restore must be turned off:

    Click the Start button, right-click My Computer, and then left-click Properties from the menu.
    The System Properties window appears.
    Click the System Restore tab.
    Click to check Turn Off System Restore.
    Click the OK button.
    A System Restore window appears.
    Click Yes to disable System Restore.
    NOTE: After you have removed the virus and applied the patch, repeat these steps to re-enable System Restore. Having this feature enabled allows the system to return to a previous state with little effort.

    Run Virus-Cleaning Tool
    Find the downloaded file named either: blastsfx.exe, stinger.exe or fixblast.exe
    Double-click the file to begin the removal of the virus.

    NOTICE: Do not reboot the system or reconnect to the Internet until the Critical Update is installed. Click to deselect Reboot my Computer if that option is presented.

    Install the Critical Update
    On your desktop, double-click WindowsXP-KB823980-x86-ENU.exe to expand and execute the patch.
    For Windows 2000 use Windows2000-KB823980-x86-ENU.exe

    Follow the directions in the wizard to complete the installation.
    Close all open programs including Internet Explorer.
    The security patch should be applied when you restart Windows. After the system has rebooted, you may reconnect to the Internet.

    How do I prevent W32/Blaster-A spreading on my network?
    Network administrators are strongly advised to perform the following operations to limit the impact of the worm:

    Update your anti-virus software with the latest virus definitions
    Download and deploy Microsoft patch MS03-026
    W32/Blaster-A exploits a vulnerability that can be patched. To read more about the vulnerability and download the patch for deployment, view Microsoft Security Bulletin MS03-026. On standalone computers, update with all relevant security patches from Windows update.
    Administrators are advised to deploy the patch to internet enabled workstations and internal company networks, paying particular attention to proxy/gateway computers.
    Rename tftp.exe
    The worm utilises tftp.exe, a Windows native program. If tftp.exe exists on your network, and you have no business need for it, rename it (e.g. to tftp-exe.old). You should not delete it as future legitimate software may require it.
    Block traffic to certain ports on your firewall
    Administrators should block incoming traffic on the following ports:
    tcp/69 (used by the TFTP process)
    tcp/135 (used by RPC remote access)
    tcp/4444 (used by this worm to connect)
    This should primarily be implemented on your internet firewall. Where appropriate, you should also block access to these ports to prevent access from potentially infected non-trusted networks.
    http://www.stonecomputers.com/blaster.cfm


    Just to be safe also run spybot, adaware and theCleaner to take those elements out of the discussion.


    Welcome to AntiOnline and we hope you enjoy your stay.
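
Added example, not part of the original post or of any tool it mentions: a small detector that reads firewall log lines and reports internal hosts fanning out on port 135 plus inbound hits on the three ports the post says to block. The log layout, the `10.0.0.` internal range, the threshold and all sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Ports the post lists for blocking. Matching is on destination port only,
# so TCP and UDP lines both count (TFTP itself runs over UDP).
WATCH_PORTS = {69, 135, 4444}
SCAN_THRESHOLD = 3           # assumed: distinct port-135 targets before flagging
INTERNAL_PREFIX = "10.0.0."  # assumed internal address range

# Constructed sample log in an assumed, simplified field layout.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2004-03-10 10:00:01 ALLOW TCP 10.0.0.23 192.0.2.10 1045 135
2004-03-10 10:00:01 ALLOW TCP 10.0.0.23 192.0.2.11 1046 135
2004-03-10 10:00:02 ALLOW TCP 10.0.0.23 192.0.2.12 1047 135
2004-03-10 10:00:03 ALLOW TCP 10.0.0.23 192.0.2.12 1048 4444
2004-03-10 10:00:04 ALLOW UDP 192.0.2.12 10.0.0.23 1050 69
2004-03-10 10:00:09 ALLOW TCP 10.0.0.40 198.51.100.7 1102 80
2004-03-10 10:00:12 DROP TCP 203.0.113.5 10.0.0.40 3391 135
truncated line
"""

def parse_line(line):
    """Return (src, dst, dport), or None for comments and malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) < 8:
        return None
    try:
        return parts[4], parts[5], int(parts[7])
    except ValueError:
        return None

def analyse(log_text):
    """Flag internal hosts fanning out on port 135; count inbound probes."""
    contacted = defaultdict(lambda: defaultdict(set))  # src -> port -> dsts
    inbound = defaultdict(int)                         # port -> hit count
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] not in WATCH_PORTS:
            continue
        src, dst, dport = rec
        if src.startswith(INTERNAL_PREFIX):
            contacted[src][dport].add(dst)
        else:
            inbound[dport] += 1
    # A host is suspect once it has tried port 135 on enough distinct targets.
    scanners = {src: sorted(ports) for src, ports in contacted.items()
                if len(ports.get(135, ())) >= SCAN_THRESHOLD}
    return {"scanners": scanners, "inbound": dict(inbound)}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A flagged host is a candidate for the disconnect, clean and patch sequence in the post above; the inbound counts show which blocked ports are being probed from outside.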

  6. #6
    Junior Member
    Join Date
    Mar 2004
    Posts
    6

    yes it is blaster worm

    Yes, I understood the reason behind it. Thanks for the help. For those who don't know about it
    visit http://www.microsoft.com/security/incident/blast.asp.

  7. #7
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    Glad we could help

  8. #8
    Junior Member
    Join Date
    Mar 2004
    Posts
    3
    Just as a tip!

    If for some unexplainable reason you have to use your PC to connect to the net, there might be a problem. 'Cause as you know you only have a limited amount of time to download the patch and update your AV.

    Might I suggest using DOS in this case.

    Step 1: Create a *.txt file

    Step 2: Give it any name but rename it so it ends with *.bat

    Step 3: Right click on the file and select <edit File>.

    Step 4: Add this line to it " Shutdown -a " (without quotations), save it.

    Now when you connect to the net and it gives you the 60 second countdown just double click on the file and the shutdown sequence will be aborted.
    =Life is what you make of it, not what you want it to be=

  9. #9
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    @odessa that's true but only if the shutdown isn't done by a NTauthority
    (kill the pid of services.exe and try)
    Industry Kills Music.
