virus

Discussion in 'Computer Support' started by gronod, Apr 15, 2004.

  1. gronod

    gronod Guest

    Hi,
    A friends daughter's computer I believe has a virus, she cannot connect to
    internet for long, each time she gets a message something like " this
    connection will terminate in xx seconds. this is due to NT authority" she is
    not sure of the exact wording.
    I seem to recall a virus going the rounds about September last year that
    would trigger this message, there were some posts about this at the time,
    cannot recall how to get archive messages. Can anyone assist in naming the
    possible virus so I can download the removal tool and give her to try
    O/S is win XP home
    Thanx in advance
    Gordon
     
    gronod, Apr 15, 2004
    #1
    1. Advertising

  2. gronod

    Boomer Guest

    "gronod" <grdoon > wrote in
    news:GJsfc.8398$:

    > Hi,
    > A friends daughter's computer I believe has a virus, she cannot
    > connect to internet for long, each time she gets a message
    > something like " this connection will terminate in xx seconds.
    > this is due to NT authority" she is not sure of the exact wording.
    > I seem to recall a virus going the rounds about September last
    > year that would trigger this message, there were some posts about
    > this at the time, cannot recall how to get archive messages. Can
    > anyone assist in naming the possible virus so I can download the
    > removal tool and give her to try O/S is win XP home
    > Thanx in advance
    > Gordon


    Hi Gordon

    You can always search Googles archives
    (http://www.google.com/advanced_group_search) to find older messages.

    A quick search at Google.com
    "Results 1 - 100 of about 3,740 English pages for "nt authority" virus.
    (0.61 seconds)"
    Here's one of the 3,740 links.
    http://www.pchell.com/virus/msblast.shtml

    Hope this helps.
     
    Boomer, Apr 15, 2004
    #2
    1. Advertising

  3. gronod

    °Mike° Guest

    You are talking about the Blaster worm.

    <Canned response>

    Boot into Safe Mode and start your registry editor:
    Start / Run / regedit

    Navigate to:
    HKEY_LOCAL_MACHINE
    +Software
    +Microsoft
    +Windows
    +CurrentVersion
    +Run

    In the right-hand pane, look for any entry/ies that include
    MSBLAST.EXE, PENIS32.EXE, TEEKIDS.EXE, MSPATCH.EXE,
    MSLAUGH.EXE or ENBIEI.EXE .
    DELETE it/them.
    These are the files associated with the different variants:
    Variant A - msblast.exe
    Variant B - penis32.exe
    Variant C - teekids.exe
    Variant D - mspatch.exe
    Variant E - mslaugh.exe
    Variant F - enbiei.exe

    You just disabled the worm from running at startup, so boot into
    normal mode again, and turn off ALL system restores to purge
    your system.

    Open Windows Explorer to the ..\Windows\System32\ or
    ...\WinNT\System32\ folder and DELETE *any* of the
    files named above.

    Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
    and find the reference to the above file/s (any reference will
    be similar to: <filename.exe>-<alphanumerics>.PF), for example,
    msblast.exe-0235D8H6.pf, and DELETE it/them.

    Now you can download and install the patch, configure your
    firewall and update your virus scanner.

    Virus Alert About the Blaster Worm and Its Variants
    http://support.microsoft.com/default.aspx?kbid=826955

    Microsoft Security Bulletin MS03-026
    http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

    What you should know about the Blaster worm
    http://www.microsoft.com/security/incident/blast.asp

    Windows RPC DCOM Buffer Overflow Remote Exploit (MS03-026)
    http://www.k-otik.com/exploits/07.25.winrpcdcom.c.php

    How to Use The KB 823980 Scanning Tool to Identify Host Computers
    That Do Not Have The 823980 Security Patch (MS03-026) Installed
    http://support.microsoft.com/default.aspx?kbid=826369

    W32.Blaster.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    W32.Blaster.B.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html

    W32.Blaster.C.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html

    W32.Blaster.D.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.d.worm.html

    W32.Blaster.E.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.e.worm.html

    W32.Blaster.F.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.f.worm.html

    W32.Blaster.Worm Removal Tool
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html



    On Thu, 15 Apr 2004 10:37:48 +0100, in
    <GJsfc.8398$>
    "gronod" <grdoon > scrawled:

    >Hi,
    >A friends daughter's computer I believe has a virus, she cannot connect to
    >internet for long, each time she gets a message something like " this
    >connection will terminate in xx seconds. this is due to NT authority" she is
    >not sure of the exact wording.
    >I seem to recall a virus going the rounds about September last year that
    >would trigger this message, there were some posts about this at the time,
    >cannot recall how to get archive messages. Can anyone assist in naming the
    >possible virus so I can download the removal tool and give her to try
    >O/S is win XP home
    >Thanx in advance
    >Gordon
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Apr 15, 2004
    #3
  4. gronod

    Ron Martell Guest

    "gronod" <grdoon > wrote:

    >Hi,
    >A friends daughter's computer I believe has a virus, she cannot connect to
    >internet for long, each time she gets a message something like " this
    >connection will terminate in xx seconds. this is due to NT authority" she is
    >not sure of the exact wording.
    >I seem to recall a virus going the rounds about September last year that
    >would trigger this message, there were some posts about this at the time,
    >cannot recall how to get archive messages. Can anyone assist in naming the
    >possible virus so I can download the removal tool and give her to try
    >O/S is win XP home
    >Thanx in advance
    >Gordon
    >


    That computer has been infected by the Blaster virus/worm.

    1. Get the Blaster removal script from MVP Kelly Theriot's web site:
    http://www.kellys-korner-xp.com/regs_edits/msblast.vbs
    2. Get the Microsoft patch from
    http://support.microsoft.com/default.aspx?scid=kb;en-us;823980#WinXP

    If possible do the first two steps on an uninfected computer and copy
    the downloaded files to a 3.5 inch diskette (they will both fit on the
    same 1.44 mb diskette) or burn them to a CD

    3. Disconnect from the Internet. Unplug Cable/DSL modem if you have
    one. That prevents reinfection during the time interval between
    running the script and the completion of the patch installation.
    4. Run the script.
    5. Install the patch.
    6. Activate the Internet Connection Firewall in Windows XP
    7. Reconnect to the Internet. Update your antivirus software and do
    a complete scan.
    8. Go to the Windows Update and get all repeat all of the critical
    updates for your computer.

    Good luck


    Ron Martell Duncan B.C. Canada
    --
    Microsoft MVP
    On-Line Help Computer Service
    http://onlinehelp.bc.ca

    "The reason computer chips are so small is computers don't eat much."
     
    Ron Martell, Apr 15, 2004
    #4
  5. gronod

    gronod Guest

    Thanks all for assistance, told her to open task manager and check
    processes, she did and found msblast running, end process, but still could
    not access internet.
    will now print instructions and hand them to her mom.only had a computer for
    a few weeks and this had to happen.
    Once again, thanks all.
    Gordon
    "gronod" <grdoon > wrote in message
    news:GJsfc.8398$...
    > Hi,
    > A friends daughter's computer I believe has a virus, she cannot connect to
    > internet for long, each time she gets a message something like " this
    > connection will terminate in xx seconds. this is due to NT authority" she

    is
    > not sure of the exact wording.
    > I seem to recall a virus going the rounds about September last year that
    > would trigger this message, there were some posts about this at the time,
    > cannot recall how to get archive messages. Can anyone assist in naming the
    > possible virus so I can download the removal tool and give her to try
    > O/S is win XP home
    > Thanx in advance
    > Gordon
    >
    >
     
    gronod, Apr 15, 2004
    #5
  6. gronod

    The Prophecy Guest

    Simply ending the process will not fix the problem. Download the removal
    tool from Symantec here:

    http://securityresponse.symantec.com/avcenter/FixBlast.exe

    Then download the patch from Microsoft for your specific Operating System.

    For Windows XP (Pro and Home):
    http://download.microsoft.com/downl...e-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe

    For Windows 2000:
    http://download.microsoft.com/downl...b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe

    I would advise that you install a firewall as well. If you have Windows XP
    do NOT use the one that is built in, as it does not provide enough
    protection. If you want to pay for a firewall, I suggest Norton Internet
    Security 2004. If you do not want to pay for a firewall, the best free one I
    know of is ZoneAlarm.

    ZoneAlarm Firewall:
    http://download.zonelabs.com/bin/free/1012_zl/zlsSetup_45_594_000.exe

    gronod wrote:
    > Thanks all for assistance, told her to open task manager and check
    > processes, she did and found msblast running, end process, but still
    > could not access internet.
    > will now print instructions and hand them to her mom.only had a
    > computer for a few weeks and this had to happen.
    > Once again, thanks all.
    > Gordon
    > "gronod" <grdoon > wrote in message
    > news:GJsfc.8398$...
    >> Hi,
    >> A friends daughter's computer I believe has a virus, she cannot
    >> connect to internet for long, each time she gets a message something
    >> like " this connection will terminate in xx seconds. this is due to
    >> NT authority" she is not sure of the exact wording.
    >> I seem to recall a virus going the rounds about September last year
    >> that would trigger this message, there were some posts about this at
    >> the time, cannot recall how to get archive messages. Can anyone
    >> assist in naming the possible virus so I can download the removal
    >> tool and give her to try
    >> O/S is win XP home
    >> Thanx in advance
    >> Gordon
     
    The Prophecy, Apr 16, 2004
    #6
  7. gronod

    Ron Martell Guest

    "The Prophecy" <> wrote:


    >I would advise that you install a firewall as well. If you have Windows XP
    >do NOT use the one that is built in, as it does not provide enough
    >protection.


    Balderdash. Hogwash. Malarkey.

    The internal firewall in Windows XP is as good as any commercial
    product at preventing outside intruders. A computer with the XP
    internal firewall active is totally, completely, and absolutely immune
    to infection by the Blaster virus or any of its variants.


    >If you want to pay for a firewall, I suggest Norton Internet
    >Security 2004.


    For many users Norton 2004 causes more problems than it could ever
    possibly prevent. The worst possible choice in my opinion (well
    perhaps McAfee might be a bit worse).


    > If you do not want to pay for a firewall, the best free one I
    >know of is ZoneAlarm.
    >
    >ZoneAlarm Firewall:
    >http://download.zonelabs.com/bin/free/1012_zl/zlsSetup_45_594_000.exe
    >


    Some Internet service providers refuse to provide technical support
    for any Internet connection related problems so long as Zone Alarm is
    installed on the computer.


    Ron Martell Duncan B.C. Canada
    --
    Microsoft MVP
    On-Line Help Computer Service
    http://onlinehelp.bc.ca

    "The reason computer chips are so small is computers don't eat much."
     
    Ron Martell, Apr 17, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Phil B

    Virus, Virus, Virus.....

    Phil B, Sep 22, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    611
    DaveW
    Sep 22, 2003
  2. DS

    Virus in virus?

    DS, Feb 8, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    536
  3. Dangermouse

    virus or not virus

    Dangermouse, Oct 12, 2005, in forum: Computer Support
    Replies:
    5
    Views:
    557
    ellis_jay
    Oct 13, 2005
  4. Peter Maurice Cram

    Norton virus protection shutsdown - virus?

    Peter Maurice Cram, Sep 11, 2004, in forum: Computer Information
    Replies:
    2
    Views:
    643
    WebWalker
    Sep 12, 2004
  5. brenda

    Virus Virus

    brenda, Oct 15, 2007, in forum: Computer Support
    Replies:
    11
    Views:
    1,001
    Desk Rabbit
    Oct 16, 2007
Loading...

Share This Page