In news:703tb.8215$,
Fludge <> wrote these words:
| "Oldus Fartus" <> wrote in message
| news:bp23g2$2dej$...
|| In news:U60tb.8128$,
|| Fludge <> wrote these words:
||
||| Hi.
||| My brother has xp, personally, I've never even seen it, so I have no
||| idea what's going on here, can someone help?
|||
||| Last night he rang and said that when logging on to the web, he'd be
||| connected for about three minutes, and then get a message in the
||| middle of the screen; that says something like, 'system shutdown.
||| please save all unsaved material'. This is by no means an exact
||| quote, I can't remember whatit said exactly. There's also a counter
||| that counts down from one minute to zero, at which point the laptop
||| totally reboots with no prompting.
|||
||| He's finding it very annoying, since it only gives him about three
||| minutes online. It doesn't happen normally, only when he dials up
||| the net. Any ideas? Thanks.
||
||
|| Check out
||
|
http://securityresponse.symantec.com...aster.worm.htm
| l
||
|| --
|| Cheers
|| Oldus Fartus
||
||
|
| So you're saying this is the blaster worm, and that updated virus
| definitions should axe it? Only problem being he can get no more
| than three minutes online at a time, and therefore can't update the
| virus def's.
I think there is a very good possibility as the symptoms do fit.
http://www.hkcert.org/valert/vinfo/w...ster.worm.html has some good
instructions for cleaning the system.
Copied from there:
"1. Stop WinXP machines from continuously rebooting (skip for Win2000
and WinNT)
Infected WinXP machines reboots continuously once connected to network.
So we have to disconnect the WinXP from network and change the setting
to "no reboot" before we apply patch and clean up the worm. Lastly we
will resume the WinXP settings we change.
DO NOT connect to Internet (If using broadband connection, power off the
broadband network device).
Click "Start". Choose "Run". In the Run windows, enter "services.msc".
Then press "OK"
The "Services" window appears. Please locate "Remote Procedure Call
(RPC)" and then double click on it.
The "Remote Procedure Call (RPC) Properties" window appears. Select
"Recovery" Tab. Change the settings of "First failure", "Second Failure"
and "Subsequent Failures" to "Take No Action". Then press "OK".
Reconnect the Internet connection (If using broadband network, power on
the broadband network device again)"
Rather than repeat the whole text from the URL, your friend then has to
download the patch for the RPC vulnerability from the links given.
Then he will need to download and run one of the utilities to remove the
worm. One of them can be found at
http://securityresponse.symantec.com...r/FixBlast.exe
You might gently point out to your friend that this particular nasty has
been around since about August that I know of, and the majority of AV
programs should have picked it up. This would seem to suggest he
either is not running one, or else does not keep up with either AV or
Windows Updates.
--
Cheers
Oldus Fartus
Similar Threads
