Getintothegame
Aug 12, 2003, 04:04 PM
Ok, another box saying I have 60 seconds before my PC shuts down again, but I found a fix. I saw a topic on this, but I don't know if it had the fix or not, so here is a copy paste from http://boards.ign.com/message.asp?topic=43667030&start=43667406
-----------------------------------------------------------
CAUSE: The worm will exploit the DCOM RPC vulnerability. The purpose of the virus is to spread to as many machines as possible. By exploiting an unplugged hole in Windows, the virus is able to execute without requiring any action on the part of the user.
Resolution if you have Norton and the subscription is current.
1. Disable system Restore.
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Select 'Turn off system restore' or 'Turn off system restore on all drives'.
e. Click Apply
f. A system restore box will come up, 'Do you want to turn off system restore?' Click YES
g. Click OK
2. Update virus definitions. Run LiveUpdate. NOTE: If you are unable to download the update follow step 2 in the resolution below 'Resolution if you don't have a current Norton subscription.' then attempt it again.
3. Scanning for and deleting the infected files.
a. Run a full system scan.
b. If any files are detected as infected with W32.Blaster.Worm, click Delete.
4. Deleting the registry value.
a. Delete the registry value.
b. Click Start, and then click Run
c. Type regedit
d. Click OK
e. Navigate to the key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentV ersionRun
f. Delete the value 'windows auto update' 'msblast.exe' in the right panel.
g. Exit the registry editor.
5. Enable system Restore
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Clear the 'Turn off System Restore' or 'Turn off system restore on all drives'.
e. Click Apply and then OK.
6. Do a Windows update and download all critical updates.
AFTER THIS, I RECOMMEND YOU RESTART YOUR COMPUTER.
----------------------------------------------------------
Resolution if you don't have a current Norton subscription.
1. Disable system Restore.
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Select 'Turn off system restore' or 'Turn off system restore on all drives'
e. Click Apply
f. A system restore box will come up, 'Do you want to turn off system restore?' Click YES
g. Click OK
2. Enable the Microsoft Firewall. (This should allow you to download without losing the connection.)
a. Click Start, settings control panel
b. Windows XP classic control panel double click network connections or in Windows XP category view click Network and Internet connections, then click Network connections.
c. Right click on the local area connection and select properties.
d. Click on the advanced Tab.
e. Click Protect my computer.
f. Click OK
g. Close the control panel.
3. Download update.
Download and install the MS03-026 patch
MICROSOFT PATCH: http://www.microsoft.com
Go to [resources] in left-frame and downloads. Under [Most Popular Downloads]: Windows XP Security Patch: Buffer Overrun In RPC Interface Could Allow Code Execution. (Please note, I could not find this. I'd try Automatic updates)
4. Deleting the registry value, and files.
Delete the registry value.
a. Click Start, and then click Run
b. Type regedit
c. Click OK
d. Navigate to the key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentV ersionRun
e. Delete the value 'windows auto update' 'msblast.exe' in the right panel.
f. Exit the registry editor.
End task on msblast.exe
g. (Skip this step)
h. Hit CTRL ALT DELETE
i. Choose the Processes tab.
j. Select msblast.exe then click the end process button.
Delete msblast.exe.
k. Click start then Search
l. Select all files and folders.
m. In all or part of the file name type msblast
n. Verify look in has your local hard drives.
o. Click search.
p. After it searches delete the files msblast.exe
q. Empty the recycle bin.
5. Enable system Restore
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Clear the 'Turn off System Restore' or 'Turn off system restore on all drives'.
e. Click Apply and then OK.
AFTER THIS, I RECOMMEND YOU RESTART YOUR COMPUTER.
If this does not resolve the issue a format and reload will be required, please use your system restoration process.
------------------------------------------------------------
Also, if you always get this error, here is how to get enough time to do all this:
Check here. (http://boards.ign.com/message.asp?topic=43624556&replies=10)
<font size=-1>[ This Message was edited by: Getintothegame on 2003-08-12 14:33 ]</font>
-----------------------------------------------------------
CAUSE: The worm will exploit the DCOM RPC vulnerability. The purpose of the virus is to spread to as many machines as possible. By exploiting an unplugged hole in Windows, the virus is able to execute without requiring any action on the part of the user.
Resolution if you have Norton and the subscription is current.
1. Disable system Restore.
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Select 'Turn off system restore' or 'Turn off system restore on all drives'.
e. Click Apply
f. A system restore box will come up, 'Do you want to turn off system restore?' Click YES
g. Click OK
2. Update virus definitions. Run LiveUpdate. NOTE: If you are unable to download the update follow step 2 in the resolution below 'Resolution if you don't have a current Norton subscription.' then attempt it again.
3. Scanning for and deleting the infected files.
a. Run a full system scan.
b. If any files are detected as infected with W32.Blaster.Worm, click Delete.
4. Deleting the registry value.
a. Delete the registry value.
b. Click Start, and then click Run
c. Type regedit
d. Click OK
e. Navigate to the key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentV ersionRun
f. Delete the value 'windows auto update' 'msblast.exe' in the right panel.
g. Exit the registry editor.
5. Enable system Restore
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Clear the 'Turn off System Restore' or 'Turn off system restore on all drives'.
e. Click Apply and then OK.
6. Do a Windows update and download all critical updates.
AFTER THIS, I RECOMMEND YOU RESTART YOUR COMPUTER.
----------------------------------------------------------
Resolution if you don't have a current Norton subscription.
1. Disable system Restore.
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Select 'Turn off system restore' or 'Turn off system restore on all drives'
e. Click Apply
f. A system restore box will come up, 'Do you want to turn off system restore?' Click YES
g. Click OK
2. Enable the Microsoft Firewall. (This should allow you to download without losing the connection.)
a. Click Start, settings control panel
b. Windows XP classic control panel double click network connections or in Windows XP category view click Network and Internet connections, then click Network connections.
c. Right click on the local area connection and select properties.
d. Click on the advanced Tab.
e. Click Protect my computer.
f. Click OK
g. Close the control panel.
3. Download update.
Download and install the MS03-026 patch
MICROSOFT PATCH: http://www.microsoft.com
Go to [resources] in left-frame and downloads. Under [Most Popular Downloads]: Windows XP Security Patch: Buffer Overrun In RPC Interface Could Allow Code Execution. (Please note, I could not find this. I'd try Automatic updates)
4. Deleting the registry value, and files.
Delete the registry value.
a. Click Start, and then click Run
b. Type regedit
c. Click OK
d. Navigate to the key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentV ersionRun
e. Delete the value 'windows auto update' 'msblast.exe' in the right panel.
f. Exit the registry editor.
End task on msblast.exe
g. (Skip this step)
h. Hit CTRL ALT DELETE
i. Choose the Processes tab.
j. Select msblast.exe then click the end process button.
Delete msblast.exe.
k. Click start then Search
l. Select all files and folders.
m. In all or part of the file name type msblast
n. Verify look in has your local hard drives.
o. Click search.
p. After it searches delete the files msblast.exe
q. Empty the recycle bin.
5. Enable system Restore
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Clear the 'Turn off System Restore' or 'Turn off system restore on all drives'.
e. Click Apply and then OK.
AFTER THIS, I RECOMMEND YOU RESTART YOUR COMPUTER.
If this does not resolve the issue a format and reload will be required, please use your system restoration process.
------------------------------------------------------------
Also, if you always get this error, here is how to get enough time to do all this:
Check here. (http://boards.ign.com/message.asp?topic=43624556&replies=10)
<font size=-1>[ This Message was edited by: Getintothegame on 2003-08-12 14:33 ]</font>