Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Support (http://www.velocityreviews.com/forums/f33-computer-support.html)
-   -   Help a friend in need (http://www.velocityreviews.com/forums/t196671-help-a-friend-in-need.html)

BIGEYE 04-11-2004 02:40 PM

Help a friend in need
 
Friend of mine has a problem with his pc. After it boots up, it shuts itself
down again after about a minute. This is all the info I have just now.
Suspect this could be a virus as I seem to recall reading something about
this.
Please advise on how to fix.
TIA



-= Hawk =- 04-11-2004 03:10 PM

Re: Help a friend in need
 
On Sun, 11 Apr 2004 15:40:54 +0100, "BIGEYE" <PatchWindows@MSpatch.com>
scribbled:

>Friend of mine has a problem with his pc. After it boots up, it shuts itself
>down again after about a minute. This is all the info I have just now.
>Suspect this could be a virus as I seem to recall reading something about
>this.
>Please advise on how to fix.


Sounds like a heat problem.

--
'What Profiteth It A Kingdom If The Oxen Be Deflated?'
Riddles II, v3
- T. Pratchett

BIGEYE 04-11-2004 03:21 PM

Re: Help a friend in need
 
Wasn't there a virus going about a couple of months ago which did this to
infected pc's?

"-= Hawk =-" <hawk@Spam-Me-Not.cfl.rr.com> wrote in message
news:vvni705fav01qpvj0l3vfgb65nmrv8fn3q@news-server...
> On Sun, 11 Apr 2004 15:40:54 +0100, "BIGEYE" <PatchWindows@MSpatch.com>
> scribbled:
>
> >Friend of mine has a problem with his pc. After it boots up, it shuts

itself
> >down again after about a minute. This is all the info I have just now.
> >Suspect this could be a virus as I seem to recall reading something about
> >this.
> >Please advise on how to fix.

>
> Sounds like a heat problem.
>
> --
> 'What Profiteth It A Kingdom If The Oxen Be Deflated?'
> Riddles II, v3
> - T. Pratchett




-= Hawk =- 04-11-2004 03:24 PM

Re: Help a friend in need
 
On Sun, 11 Apr 2004 16:21:44 +0100, "BIGEYE" <PatchWindows@MSpatch.com>
scribbled:

>Wasn't there a virus going about a couple of months ago which did this to
>infected pc's?


Beats me, I don't get viruses.... like I said, to me, it sounds like
heat.

--
'What Profiteth It A Kingdom If The Oxen Be Deflated?'
Riddles II, v3
- T. Pratchett

THEOLDONE 04-11-2004 03:36 PM

Re: Help a friend in need
 
It's a Virus. I just received an "Urgent" from Dell, via their "Dell Suports
Alert" that tells about this virus and what it does. I performs shut downs
that U describe...Dell instructs you on how to remove. try the Dell site to
C if they have available for non Dell users.

HTH
"-= Hawk =-" <hawk@Spam-Me-Not.cfl.rr.com> wrote in message
news:vvni705fav01qpvj0l3vfgb65nmrv8fn3q@news-server...
> On Sun, 11 Apr 2004 15:40:54 +0100, "BIGEYE" <PatchWindows@MSpatch.com>
> scribbled:
>
> >Friend of mine has a problem with his pc. After it boots up, it shuts

itself
> >down again after about a minute. This is all the info I have just now.
> >Suspect this could be a virus as I seem to recall reading something about
> >this.
> >Please advise on how to fix.

>
> Sounds like a heat problem.
>
> --
> 'What Profiteth It A Kingdom If The Oxen Be Deflated?'
> Riddles II, v3
> - T. Pratchett




BIGEYE 04-11-2004 04:30 PM

Re: Help a friend in need
 
Thanks all. Much appreciated.
"THEOLDONE" <omnis1@comcast.net> wrote in message
news:vZGdnZDvtalk-OTdRVn-ig@comcast.com...
> It's a Virus. I just received an "Urgent" from Dell, via their "Dell

Suports
> Alert" that tells about this virus and what it does. I performs shut

downs
> that U describe...Dell instructs you on how to remove. try the Dell site

to
> C if they have available for non Dell users.
>
> HTH
> "-= Hawk =-" <hawk@Spam-Me-Not.cfl.rr.com> wrote in message
> news:vvni705fav01qpvj0l3vfgb65nmrv8fn3q@news-server...
> > On Sun, 11 Apr 2004 15:40:54 +0100, "BIGEYE" <PatchWindows@MSpatch.com>
> > scribbled:
> >
> > >Friend of mine has a problem with his pc. After it boots up, it shuts

> itself
> > >down again after about a minute. This is all the info I have just now.
> > >Suspect this could be a virus as I seem to recall reading something

about
> > >this.
> > >Please advise on how to fix.

> >
> > Sounds like a heat problem.
> >
> > --
> > 'What Profiteth It A Kingdom If The Oxen Be Deflated?'
> > Riddles II, v3
> > - T. Pratchett

>
>




PuppyKatt 04-11-2004 04:32 PM

Re: Help a friend in need
 
Sounds like the Blaster virus. What Operating System does your friend
have?

"BIGEYE" <PatchWindows@MSpatch.com> wrote in message
news:gRcec.31986$Y%6.3990582@wards.force9.net...
: Friend of mine has a problem with his pc. After it boots up, it shuts
itself
: down again after about a minute. This is all the info I have just now.
: Suspect this could be a virus as I seem to recall reading something
about
: this.
: Please advise on how to fix.
: TIA
:
:



tigercat 04-11-2004 05:28 PM

Re: Help a friend in need
 
good luck, my brother recently had the same problem. the virus was laying
dorment on his Windows ME system and didn't manifest itelf until he upgraded
to Win XP.


http://www.microsoft.com/security/incident/blast.asp

http://securityresponse.symantec.com...aster.worm.rem
oval.tool.html

http://securityresponse.symantec.com...r/FixBlast.exe



FROM SYMANTEC......


W32.Blaster.Worm Removal Tool
Discovered on: August 11, 2003
Last Updated on: April 1, 2004 04:50:15 PM GDT


Version 1.0.6.1 of the W32.Blaster.Worm Removal Tool will remove the
following threats as well as their side effects:
W32.Blaster.Worm
W32.Blaster.B.Worm
W32.Blaster.C.Worm
W32.Blaster.D.Worm
W32.Blaster.E.Worm
W32.Blaster.F.Worm


Important Notes:
W32.Blaster.Worm exploits the DCOM RPC vulnerability. This is described in
Microsoft Security Bulletin MS03-026, and a patch is available there. You
must download and install the patch. In many cases, you will need to do this
before continuing with the removal instructions. If you are not able to
remove the infection or prevent re-infection using the following
instructions, first download and install the patch.

Additional information, and an alternate site from which to download the
Microsoft patch is available in the Microsoft article What You Should Know
About the Blaster Worm and Its Variants.

Because of the way the worm works, it may be difficult to connect to the
Internet to obtain the patch, definitions, or removal tool before the worm
shuts down the computer. It has been reported that, for users of Windows XP,
activating the Windows XP firewall may allow you to download and install the
patch, obtain virus definitions, and run the removal tool. This may also
work with other firewalls, although this has not been confirmed.

What the tool does
The W32.Blaster.Worm Removal Tool does the following:
Terminates the W32.Blaster.Worm viral processes.
Deletes the W32.Blaster.Worm files.
Deletes the dropped files.
Deletes the registry values that have been added.

Command-line switches available with this tool


Switch


Description

/HELP, /H, /?
Displays the help message.

/NOFIXREG
Disables registry repair. (We do not recommend using this switch.)

/SILENT, /S
Enables silent mode.

/LOG=<path name>
Creates a log file where <path name> is the location in which to store the
tool's output. By default, this switch creates the log file, FixBlast.log,
in the same folder from which the removal tool was executed.

/MAPPED
Scans the mapped network drives. (We do not recommend using this switch.
Refer to the following Notes.)

/START
Forces the tool to immediately start scanning.

/EXCLUDE=<path>
Excludes the specified <path> from scanning. (We do not recommend using this
switch.)

Note: Using the /MAPPED switch does not ensure the complete removal of the
virus on the remote computer, because:
Scanning the mapped drives scans the mapped folders only. This action may
not include all the folders on the remote computer, leading to missed
detections.
If a viral file is detected on the mapped drive, the removal will fail if a
program on the remote computer uses this file.

For these reasons, run the tool on every computer.

Restoring Internet connectivity and preventing the computer from shutting
down
In many cases, on both Windows 2000 and XP, changing the settings for the
Remote Call Procedure (RPC) service may allow you to connect to the Internet
to obtain downloads, and will stop the computer from shutting down.

Click Start > Run. (The Run dialog box appears.)
Type:

SERVICES.MSC /S

in the open line, and then click OK. (The Services window opens.)


In the right pane, locate the Remote Procedure Call (RPC) service.



CAUTION: A service named Remote Procedure Call (RPC) Locator exists. Do not
confuse the two.


Right-click the Remote Procedure Call (RPC) service, and then click
Properties.
Click the Recovery tab.
Using the drop-down lists, change First failure, Second failure, and
Subsequent failures to "Restart the Service."
Click Apply, and then click OK.


CAUTION: Make sure that you change these settings back once you have removed
the worm.

Obtaining and running the tool

Note: You need administrative rights to run this tool on Windows 2000 or
Windows XP.

WARNING: For network administrators. If you are running MS Exchange 2000
Server, we recommend that you exclude the M drive from the scan by running
the tool from a command line with the Exclude switch. For more information,
read the Microsoft knowledge base article, "XADM: Do Not Back Up or Scan
Exchange 2000 Drive M" (Article 298924).
Download the FixBlast.exe file from:

http://securityresponse.symantec.com...r/FixBlast.exe



Save the file to a convenient location, such as your downloads folder or the
Windows Desktop (or removable media that is known to be uninfected, if
possible).
To check the authenticity of the digital signature, refer to the section,
"Digital signature."
Close all the running programs before running the tool.
If you are running Windows XP, then disable System Restore. Refer to the
section, "System Restore option in Windows Me/XP," for additional details.


CAUTION: If you are running Windows XP, we strongly recommend that you do
not skip this step. The removal procedure may be unsuccessful if Windows XP
System Restore is not disabled, because Windows prevents outside programs
from modifying System Restore.

Double-click the FixBlast.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.


Note: If, when running the tool, you see a message that the tool was not
able to remove one or more files, run the tool in Safe mode. Shut down the
computer, turn off the power, and wait 30 seconds. Restart the computer in
Safe mode and then run the tool again. All the Windows 32-bit operating
systems, except Windows NT, can be restarted in Safe mode. For instructions,
read the document "How to start the computer in Safe Mode."

Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows XP, then re-enable System Restore.
Run LiveUpdate to make sure that you are using the most current virus
definitions.

When the tool has finished running, you will see a message indicating
whether W32.Blaster.Worm infected the computer. In the case of a worm
removal, the program displays the following results:
Total number of the scanned files
Number of deleted files
Number of terminated viral processes
Number of fixed registry entries

Digital signature
FixBlast.exe is digitally signed. Symantec recommends that you only use
copies of FixBlast.exe that have been directly downloaded from the Symantec
Security Response Web site. To check the authenticity of the digital
signature, follow these steps:
Go to http://www.wmsoftware.com/free.htm.
Download and save the Chktrust.exe file to the same folder in which you
saved FixBlast.exe (for example, C:\Downloads).
Depending on your operating system, do one of the following:
Click Start, point to Programs, and then click MS-DOS Prompt.
Click Start, point to Programs, click Accessories, and then click Command
Prompt.


Change to the folder in which FixBlast.exe and Chktrust.exe are stored, and
then type:

chktrust -i FixBlast.exe

For example, if you saved the file to the C:\Downloads folder, you would
enter the following commands:

cd\
cd downloads
chktrust -i FixBlast.exe

Press Enter after typing each command. If the digital signature is valid,
you will see the following:

Do you want to install and run "W32.Blaster.Worm Removal Tool" signed on
9/1/2003 3:17 PM and distributed by Symantec Corporation?


Notes:
The date and time displayed in this dialog box will be adjusted to your time
zone if your computer is not set to the Pacific time zone.
If you are using Daylight Saving time, the displayed time will be exactly
one hour earlier.
If this dialog box does not appear, there are two possible reasons:
The tool is not from Symantec. Unless you are sure that the tool is
legitimate and that you downloaded it from the legitimate Symantec Web site,
do not run it.
The tool is from Symantec and is legitimate, however, your operating system
was previously instructed to always trust content from Symantec. For
information on this and on how to view the confirmation dialog again, read
the document "How to restore the Publisher Authenticity confirmation dialog
box."


Click Yes to close the dialog box.
Type Exit, and then press Enter. This will close the MS-DOS session.

System Restore option in Windows XP
Users of Windows XP should temporarily turn off System Restore. Windows XP
uses this feature, which is enabled by default, to restore the files on your
computer in case they become damaged. If a virus, worm, or Trojan infects a
computer, System Restore may back up the virus, worm, or Trojan on the
computer.

Windows prevents outside programs, including antivirus programs, from
modifying System Restore. Therefore, antivirus programs or tools cannot
remove threats in the System Restore folder. As a result, System Restore has
the potential of restoring an infected file on your computer, even after you
have cleaned the infected files from all the other locations.

Also, in some cases, online scanners may detect a threat in the System
Restore folder even though you scanned your computer with an antivirus
program and did not find any infected files.

For instructions on how to turn off System Restore, read your Windows
documentation, or the article "How to turn off or turn on Windows XP System
Restore"


How to run the tool from a floppy disk
Insert the floppy disk, which contains the FixBlast.exe file, in the floppy
disk drive.
Click Start, and then click Run.
Type the following:

a:\FixBlast.exe

and then click OK:

Note: There are no spaces in the command, a:\FixBlast.exe.


Click Start to begin the process, and then allow the tool to run.
If you are using Windows Me, re-enable System Restore.


Revision History:

September 1, 2003: Posted version 1.0.6.1 with support for variants through
F.
August 20, 2003: Added information regarding running the tool on Exchange
servers.
August 14, 2003: Posted version 1.0.4 with added support for
W32.Blaster.C.Worm.
August 13, 2003: Posted version 1.0.2 with added support for
W32.Blaster.B.Worm.





================================================== =========================
AND FROM MICROSOFT..........................


What You Should Know About the Blaster Worm and Its Variants

Published: August 11, 2003 | Updated: January 22, 2004


At 11:34 A.M. Pacific Time on August 11, Microsoft began investigating a
worm reported by Microsoft Product Support Services (PSS). The worm,
W32.Blaster.Worm and its variants, exploits a security issue that was
addressed by Microsoft Security Bulletin MS03-026. This worm also has the
potential to exploit a similar issue that is addressed by Microsoft Security
Bulletin MS03-039. These issues concern the Remote Procedure Call (RPC)
function.
Important Information

Download the update directly from the Microsoft Download Center and install
it
Who Is Vulnerable?

Your computer is not vulnerable to the Blaster worm if you downloaded and
installed the security update that was addressed by Security Bulletin
MS03-026 prior to August 11, the date the Blaster worm was discovered.
However, you will need to download and install the update addressed by
Security Bulletin MS03-039 in order to help ensure that you are not
vulnerable to future variants of the Blaster worm.
Products Affected by This Worm
Microsoft Windows NTŪ 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows ServerT 2003
Products Not Affected by This Worm
Microsoft Windows Millennium (Windows Me)

Note Microsoft Windows 98, Windows 98 Second Edition (SE), and Microsoft
Windows 95 also are not affected by this issue. However, these products are
no longer supported. Users of these products are strongly encouraged to
upgrade to later versions.

How to Tell If the Worm Is Affecting Your Computer

Some customers whose computers have been infected may not notice the
presence of the worm at all, while others who are not infected may
experience problems because the worm is attempting to attack their computer.
Typical symptoms may include Windows XP and Windows Server 2003 systems
rebooting every few minutes without user input, or Windows NT 4.0 and
Windows 2000 systems becoming unresponsive.



Shutdown error. If your computer is infected, you may see this error
message.

Whether you are experiencing these symptoms or not, Microsoft recommends
that you take the following action immediately:
If you're running Windows XP or Windows 2000, follow all Steps 1-4 for home
users below.
If you're running Windows Server 2003 or Windows NT 4.0, follow Steps 1-3
for home users below.
Action for Network Administrators

Microsoft recommends that network administrators take the following action
immediately:
Read the Microsoft Product Support Services (PSS) Security Response Team
alert for technical guidance.
4 Steps for Home Users

If you are using Windows NT 4.0, Windows 2000, Windows XP, or Windows Server
2003, you should follow the steps in this sequence to help protect your
computer and to recover if your computer has been infected.
1. Enable a Firewall


Make sure you have a firewall activated to help protect your computer
against infection before you take other steps. If your computer has been
infected, activating firewall software will help limit the effects of the
worm on your computer.

The latest Windows operating systems have a firewall built in. Windows XP
and Windows Server 2003 users should print or save the following
instructions for how to enable their firewall.

If your computer is rebooting repeatedly, disconnect from the Internet
before you enable your firewall. To disconnect your computer from the
Internet:
Broadband connection users: Locate the telephone cable that runs from your
external DSL or cable modem and unplug that cable either from the modem or
from the telephone jack.
Dial-up connection users: Locate the telephone cable that runs from the
modem inside your computer to your telephone jack and unplug that cable
either from the telephone jack or from your computer.

Follow the instructions provided for your operating system, and then
reconnect to the Internet.
Windows XP users: Click here for instructions.
Windows Server 2003 users: Click here for instructions.
Windows NT 4.0 and Windows 2000 users: You will need to install a
third-party firewall. Most firewall software for home users is available in
free or trial versions. Check the following resources for more information
on personal firewalls:
McAfee Security
Symantec
ZoneAlarm Pro (Zone Labs)
Tiny Personal Firewall (Tiny Software)
BlackICE PC Protection (Internet Security Systems)
Windows 2000 users: Alternatively, you can take steps to block the affected
ports so that your computer can be updated. Here are some modified
instructions from the TechNet article HOW TO: Configure TCP/IP Filtering in
Windows 2000.
2. Update Windows


If you have disconnected from the Internet, remember to reconnect before you
take next steps. Download and install the security update addressed in
Security Bulletin MS03-039 (824146) for the version of Windows that you are
using from Windows Update.

When you get to the Windows Update site, scan your computer for any critical
updates that you need, and then install them. To do that:
Click Scan for Updates next to the green arrow near the center of your
screen.
Note It may take several minutes for the scan to complete.
After the scan completes, under Pick updates to install on the left side of
your screen, click Critical Updates and Service Packs.
A list of updates appears. The update related to Security Bulletin MS03-039
is identified by the number 824146.
Click Review and install updates near the center of your screen to begin
downloading and installing the updates.
Get the Security Update from Windows Update
Click here to go to the Windows Update website.
3. Use Antivirus Software


Use antivirus software and make sure you have the latest updates installed.
There are several variants of this worm, and the most up-to-date information
about them can be found at your antivirus vendor's website.
If you already have antivirus software installed, go to your antivirus
vendor's website to get the latest updates, also known as virus definitions.
If you do not have antivirus software installed, get it. The following
vendors participating in the Microsoft Virus Information Alliance (VIA)
offer antivirus products for home users:
Network Associates
Trend Micro
Symantec

Learn about Microsoft's Virus Information Alliance.
4. Remove the Worm


If you think there is even the slightest possibility that your computer
might be infected, use the free worm removal tool available at your
preferred antivirus software vendor's website:
Network Associates
Trend Micro
Symantec
Computer Associates
For Technical Assistance

Contact your antivirus vendor for assistance with identifying or removing
virus or worm infections. If you need more help with virus-related issues,
please contact PSS. We are currently experiencing a high call volume and
apologize for any delay in responding.
For Microsoft Product Support Services within the United States and Canada,
call toll-free (866) PCSAFETY (727-2338).
For worldwide support, contact your local Microsoft office.




Manage Your Profile |Contact Us |E-Mail This Page



"BIGEYE" <PatchWindows@MSpatch.com> wrote in message
news:gRcec.31986$Y%6.3990582@wards.force9.net...
> Friend of mine has a problem with his pc. After it boots up, it shuts

itself
> down again after about a minute. This is all the info I have just now.
> Suspect this could be a virus as I seem to recall reading something about
> this.
> Please advise on how to fix.
> TIA
>
>




SgtMinor 04-11-2004 05:38 PM

Re: Help a friend in need
 
Do you get your email at http://www.mspatch.com?

BIGEYE wrote:
>
> Friend of mine has a problem with his pc. After it boots up, it shuts itself
> down again after about a minute. This is all the info I have just now.
> Suspect this could be a virus as I seem to recall reading something about
> this.
> Please advise on how to fix.
> TIA


BIGEYE 04-11-2004 07:11 PM

Re: Help a friend in need
 
No, why?

"SgtMinor" <Sarge@the.old.folks.home.invalid> wrote in message
news:40798286.8C08A659@the.old.folks.home.invalid. ..
> Do you get your email at http://www.mspatch.com?
>
> BIGEYE wrote:
> >
> > Friend of mine has a problem with his pc. After it boots up, it shuts

itself
> > down again after about a minute. This is all the info I have just now.
> > Suspect this could be a virus as I seem to recall reading something

about
> > this.
> > Please advise on how to fix.
> > TIA





All times are GMT. The time now is 05:31 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.