Whenever i get connected to the net, after a few minutes my operating system gets restarted automatically.Iam using Win-XP(professional).Is this some kind of virus? Please help me out of this problem. :confused:
Printable View
Whenever i get connected to the net, after a few minutes my operating system gets restarted automatically.Iam using Win-XP(professional).Is this some kind of virus? Please help me out of this problem. :confused:
Yes, there are some that do that.........
Please search for "Trend Microsystems" and run their online scanner
This may well solve your immediate problem.....................then come back with your report, as your system obviously neeeds some hardening.........you cannot do that until you have disposed of the malware :)
Good luck
EDIT: My sincere apologies for my bad manners.............welcome to AO..........I only just noticed that it was your first post :)
He may just have one of the MSBLASTER Varients or family friends... He will have to be very tolerant if he is to use that machine on the net..
Recommend a friend with a clean machine go to Misrocoft and download the removal tool and patch from there OR the removal tool from one of the Av Companies .. then the Patch from misrocoft.. which ever works..
,
MAke sure you have a firewall runniig.. even the Windoze firewall will do for a start
And In the mean time check if you have a process running like.. msblast, laugh.....
Oh and Welcome.. to A O
Cheers
You are right there Undies
He is on XP Pro, so should boot to network support.........that should let him into the net safely?
Also get the February 2000 Microsoft Windows Update CD..........lets you do all the security updates without being online :D
Cheers
Does this really happen only when you access the Internet or maybe during a game or while using a lot of resources out of the computer. What browswer are u using. You could also have a corrupted browser which might cause the PC to restart. If you have the msBlaster worm...here's the steps to remove it. It has also been mentioned in many tutorials and threads here in AO:
http://www.stonecomputers.com/blaster.cfmQuote:
STEP 1: Physically Disconnect from the Internet
This simple step will stop the error from recurring. Shutdown your computer. While the system is shut down, disconnect any network cable (such as local network, cable modem, DSL, broadband) from the back of the system. Turn on your computer. If using a dial-up (i.e., modem) connection, do not connect to the Internet.
STEP 2: Disable RPC Notification
To disable RPC Notification for your computer, follow the steps below:
Click the Start button, and then click Run.
In the Open box, type: Services.msc
Click the OK button. In the list of services scroll halfway to the bottom and double-click the first Remote Procedure entry.
Click the Recovery tab.
For all the failure dropdowns, click to select Take No Action.
Click the OK button to apply the changes.
Exit the services window by clicking the X in the upper right corner of the window.
NOTE: The RPC Service Notification can be re-enabled after the recommended patches are installed to test for this vulnerability. This step does not remove the virus nor patch the system.
STEP 3: Download Removal Tool and Microsoft Critical Update
Reconnect to the Internet You will need to reconnect to the Internet to download the files listed below.
NOTE: Both the removal tool and patch downloads should be installed after you have disconnected your system from the Internet a second time.
Free stand-alone virus/worm removal programs are available from Anti-Virus software providers such as Sophos, Symantec and McAfee. Click one of the links listed below and save it to your Windows Desktop:
Sophos: http://www.sophos.com/misc/blastsfx.exe
McAfee: http://download.nai.com/products/mca...rt/stinger.exe
Symantec: http://securityresponse.symantec.com...r/fixblast.exe
After either of these programs is downloaded, it is necessary to download the Critical Update as outlined below.
Download the Critical Update from Microsoft® Click the file for your OS listed below; and save it to your Windows Desktop:
For Microsoft® Windows® XP: WindowsXP-KB823980-x86-ENU.exe
For Microsoft® Windows® 2000: Windows2000-KB823980-x86-ENU.exe
After both updates have been downloaded, repeat the steps outlined in Physically Disconnect from the Internet above: Disconnect any network cable (such as local network, cable modem, DSL, broadband) from the back of the system. If using a dial-up (modem) connection, do not connect to the Internet.
Once disconnected, you are ready to install the downloaded files.
STEP 4: Install Removal Tools and Critical Update
The final steps in this process involve removing the virus and then patching the system to prevent this specific threat.
Disable System Restore
Before removing the virus, System Restore must be turned off:
Click the Start button, right-click My Computer, and then left-click Properties from the menu.
The System Properties window appears.
Click the System Restore tab.
Click to check Turn Off System Restore.
Click the OK button.
A System Restore window appears.
Click Yes to disable System Restore.
NOTE: After you have removed the virus and applied the patch, repeat these steps to re-enable System Restore. Having this feature enabled allows the system to return to a previous state with little effort.
Run Virus-Cleaning Tool
Find the downloaded file named either: blastsfx.exe, stinger.exe or fixblast.exe
Double-click the file to begin the removal of the virus.
NOTICE: Do not reboot the system or reconnect to the Internet until the Critical Update is installed. Click to deselect Reboot my Computer if that option is presented.
Install the Critical Update
On your desktop, double-click WindowsXP-KB823980-x86-ENU.exe to expand and execute the patch.
For Windows 2000 use Windows2000-KB823980-x86-ENU.exe
Follow the directions in the wizard to complete the installation.
Close all open programs including Internet Explorer.
The security patch should be applied when you restart Windows. After the system has rebooted, you may reconnect to the Internet.
How do I prevent W32/Blaster-A spreading on my network?
Network administrators are strongly advised to perform the following operations to limit the impact of the worm:
Update your anti-virus software with the latest virus definitions
Download and deploy Microsoft patch MS03-026
W32/Blaster-A exploits a vulnerability that can be patched. To read more about the vulnerability and download the patch for deployment, view Microsoft Security Bulletin MS03-026. On standalone computers, update with all relevant security patches from Windows update.
Administrators are advised to deploy the patch to internet enabled workstations and internal company networks, paying particular attention to proxy/gateway computers.
Rename tftp.exe
The worm utilises tftp.exe, a Windows native program. If tftp.exe exists on your network, and you have no business need for it, rename it (e.g. to tftp-exe.old). You should not delete it as future legitimate software may require it.
Block traffic to certain ports on your firewall
Administrators should block incoming traffic on the following ports:
tcp/69 (used by the TFTP process)
tcp/135 (used by RPC remote access)
tcp/4444 (used by this worm to connect)
This should primarily be implemented on your internet firewall. Where appropriate, you should also block access to these ports to prevent access from potentially infected non-trusted networks.
Just to be safe also run spybot, adaware and theCleaner to take those elements out of the discussion.
Welcome to AntiOnline and we hope you enjoy your stay.
Yes i understood the reason behind it. Thanks for the help. For those how don't know about it
visit http://www.microsoft.com/security/incident/blast.asp.
Glad we could help
Just as a tip!
If for some unexplainable reason you have to use your pc to conect to the net, there might be a problem. 'Cause as you know you only have a limited amount of of time to download the patch and update your av.
Might i suggest using dos in this case.
Step 1: Create a *.txt file
Step 2: Give it any name but raname it so it ends with *.bat
Step 3: Right click on the file and select <edit File>.
Step 4: Add this line to it " Shutdown -a " (without qutations), save it.
Now when you connect to the net and it gives you the 60 second countdown just double click on the file and the shutdown sequince will be aborted.
@odessa thats true but only if the shutdown isn't done by a NTauthority
(kill the pid of services.exe and try)