BLASTER ?????

[monty2003]

OK - I got the nt authority/system iniatiated shut down problem...I downloaded the patch from microsoft and installed it -- and now I can access the net with no problem.

I can not find MSBLAST.EXE in the reg or anywhere else the threads have told me to look.

Also: When I Navigate to the key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I do not see the: "windows auto update"="msblast.exe"

Did the patch remove these things...

I am running a newer sysem with Xp -- so do I have to do something to the Mcafee software to upgrade it to remove this - I know that the patch could not be enough here -- that is way too easy...

Any help is greatly appreaciated...

Thanks

 

[smah]

Try any or all of these faq760-3862

 

[monty2003]

IS IT POSSIBLE TO HAVE THE PROBLEM WITHOUT HAVING AN ACTUALL VIRUS ON THE SYSTEM - I CAN NOT FIND EVIDENCE OF INFECTION AND MY VIRUS PROTECTION SHOULD BE UP TO DATE - UNLESS THE HACK MADE IT SO MY VIRUS PROTECTION WILL NOT UPDATE ITSELF - I WAS UNABLE TO DOWNLOAD AND INSTALL NEW SECURITY CRITIAL UPDATES LAST NIGHT ON MY SYSTEM????

 

[bcastner]

If you apply the batch you can prevent your machine rebooting for msblast, but you cannot stop the worm from trying to enter your system without a firewall.

The default firewall of XP is sufficient to stop attempts on your system. Enable it.

You should realize that the MS site is very busy right now, just keep trying.

My local paper said yestereday Microsoft had 40 million downloads of the patch.

If you are not now infected, enable the firewall. This will keep you from being infected.

 

[smah]

Quote: "I downloaded the patch from microsoft and installed it"

Quote: "I WAS UNABLE TO DOWNLOAD AND INSTALL NEW SECURITY CRITIAL UPDATES LAST NIGHT ON MY SYSTEM"


Huh? If there is not evidence of infection, you are probably not infected. Look in Add/Remove programs for WindowsXP Hotfix KB823980. If you have that, the patch is installed.

 

[monty2003]

I download the patch at another computer and ran it at home...

After I corrected the restarting problem I was unable to download and install the critical updates that microsoft has now and suggested i get and install...My isp connect sucks and that could be the problem but I'm just not sure...

I can not find any other evidence of infection but can anyone tell me what i shoudl be looking for other that what I've already written about?

 

[monty2003]

It looks like I got affected (exploited) but not infected...

Can someone tell me how to confirm for sure that I either have a virus infection or not???

I found this at the Mc site:
Because of the widespread nature of this exploit, there are lots of different scenarios where the RPC service is terminating unexpectedly and the machine tries to reboot in 60 seconds. This DOES NOT MEAN that you've been infected with this virus. If you apply the Microsoft patch, run a full scan and nothing comes up, that means you've been EXPLOITED, but NOT INFECTED.

You may be dealing with TWO SEPARATE issues. One is the exploit of an 2000/XP systems by a non-virus induced system, while the other is a virus that exploits the system, infects it, then tries to exploit other systems. There are a lot of variations of scenarios, but if your machine is showing up as clean and the exploit hole has been patched, this shouldn't happen again. (until the next security flaw gets exploited)


Thanks

 

[bcastner]

If mblast.exe is not found after a search, and the registry shows as clean, you are not infected.

Enable a firewall.
The native XP firewall is sufficient to bar explotion attempts.

 

[smah]

Run any or all of the virus scanners I posted above if it makes you more comfortable.

 

[cgrueber]

Anyone that still has this problem: Download Stinger from Network Associates and scan your system. Just because you run the patch does not mean you are clean of the infection. Stinger will find and remove 30 of the latest viruses and even fits on a floppy. After you run this reboot and run Windows Update.