"NT AUTHORITY\SYSTEM" Virus and fix

[jtval 0]

ok I ran the symantic, and my cpomputer still acts up..WTF? anyone know? I ran it again and it said ithe worm was not found. that should mean I am clear

My photos

My Videos

[wildblue 7]

jtval -
Start regedit, and look in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
see if there's a value "windows auto update"="msblast.exe"

Look through your processes (task manager) for Msblast.exe

If it's not in either place, you're probably ok.

Also, you could probably go to a command prompt, type
netstat
It's normal to have a handful of connections in there, but if you have a ton, to a bunch of different addresses, you could have a problem.

EDIT: Yes, you will stil want to get the MS patch so you don' t catch this again.
Go to http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp -- part way down is "Download locations for this patch" -- click on your OS.

EDIT 2: There's an easier way to keep your system from rebooting (rather than trying to beat it) on 2000 and XP. Go into "Services", find the RPC service (*not RPC Locator service*) go to properties, the recovery tab, and set all the failuer options to 'restart the service' -- don't forget to change this back when you're done fixing stuff.

it's like incest - you're substituting convenience for quality

[Brains 2]

Quote

ok I ran the symantic, and my cpomputer still acts up..WTF? anyone know? I ran it again and it said ithe worm was not found. that should mean I am clear

Jt, when i ran the symantic thing it didn't fix the problem . Kansasskydiver sent me a direct link to the microsoft patch, you have to install that also. It worked for me and Chris was cool enough to take time to talk me through it.

Never look down on someone, unless they are going down on you.

[kansasskydiver 0]

Here is an update on what ISP's are doing to resolve the blasterworm.

"FYI: SBC Will be blocking TCP and UDP ports 135, 139, and 445 due to the Msblast virus currently sweeping across the internet."

Just letting people know what's going on in the virus world. I get to see it first hand all day

<--- See look, pink dolphins DO exist!

[MattM 0]

Quote

Just letting people know what's going on in the virus world. I get to see it first hand all day

Me too.

Matt

[jtval 0]

hey chris,
Thanks for all the help!

I think My pc is bahaving...I wont know for about antoher 10 minutes

My photos

My Videos

[wildblue 7]

Quote

Quote

Just letting people know what's going on in the virus world. I get to see it first hand all day

Me too.

Curious - how did it even get internal on you?
My firewall alarms are going crazy with probes on port 135

it's like incest - you're substituting convenience for quality

[MattM 0]

Quote

Curious - how did it even get internal on you?
My firewall alarms are going crazy with probes on port 135

Corporate headquaters handles our firewall, so its all their fault.

Matt

[jtval 0]

it looks like I successfully d/l the [patch
Thanks guys!

My photos

My Videos

[kansasskydiver 0]

for everyone whom uses a "free" version of their software. here is the direct link to the windows patch, it doesn't scan for the ID of windows to install the updates

http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=2354406c-c5b6-44ac-9532-3de40f69c074

<--- See look, pink dolphins DO exist!

[jtval 0]

(homer voice)mmm I like free

My photos

My Videos