Tech Haven Network

ok my comp was going slow as fuck so i formatted it, all was going ok till this lil msg popped up. ive formatted it about 3 times now and updated it but the damn thing still pops up , anyone got a clue what it could be?

btw im sorry its not smaller havent got any photo edit software right now

Welcome to the RPC virus, if I'm correct.. I can't remember the name, but it sure looks like your being hit with it.

I would download all the patches, and burn them to CD if ya can.. Or get a firewall installed ASAP.

Maybe one of the Windows freaks can help ya out, since I don't support that OS.. Other than for gaming. And I'm behind a hardwire firewall all the time, so I've never experienced that problem.

erm run windows update mate.. cause it seems like it is a virus that is abusing your LLSA ( or something close to that ) buffer overrun.. its a leak in windows discoverd end of april and a FUCKLOAD of viruses use it.. so just get to windows update and download the patch..

ive done the update thing, about 6 or 7 times now and it keeps, telling me there are more patches.....but ive already got them

@DL: it was a fresh format mate, kinda pissy about that alone 40gig of music gone :S

SiL ..:..

I used to get this on fresh installs while i was on net re-downloading the drivers, firewall & Anti Virus software with no Firewall up.

It was always that damn blaster virus or nachi i think was the other.

AVG Anti-Virus always did a good job of killing it for me, turn off system restore when u do a virus scan, then reboot after coz the ones i had appeared to be hiding in the restore files and just came back.

*sigh* started the avg thingy, but when i try to install it the thing just shuts down, trying some other patch thing i found

Ugh.. I'm sorry to hear that you are having such issues with viruses. I'm fortunate enough to own a few routers, that block all those nasties from getting in.

I can't speak for the UK, but here in Canada, I can get a D-Link 4 port router w/ firewall for about $30 dollars. Anything cheap like that over there?

to stop the shutdown in a windows xp machine (w2k doesn't include that executable )

run the following command after you get that message:

shutdown -a


This aborts the shutdown procedure, then go to windowsupdate.microsoft.com and get all patches (start with the most important ones automaticaly selected).

Might you get the shutdown notice again, just use the command again.

(to run a command either start a command prompt window or go to start -> run)

after that do an online virusscan to see if you got a virus, you have the sympton of several known virussus however that does not mean you actualy are infected yet (other people on the internet that are infected cause machines like yours to get the same symptons while their virus is *trying* to infect you )

If your not infected yet, another sollution would be to turn on the windows firewall by selecting the properties of your current internet connection (for example 'Local Area Connection' for standart cable and dsl.

After you got rid of it, get yourselve a proper firewall program, preferably *nix based on a seperate machine, otherwise, zonealarm; norton internet security; or simular if your running windows.

i had one of those.. delete sys.exe after you have taken a working one off of another pc
replace it and voila happy silly

Hmm sounds like that new version of MSBlast.w32 a nasty peice of work that bastard.

Best way to also halt this on all NTFS OS's, goto control panel, admin tools, services. then view the properies of the RPC service (forget the exact name) and make sure that on recovery you switch "shutdown" to "restart service". then go on the web and get a mydoom.w32 remover and a MSBlast.W32 remover.

Anyhow. good luck

Fix it a few days ago but i did it the hard way lol

burned the microsoft patch to cd on my mates comp.
formatted the comp again
then install the pacth from the cd while the comp wasnt connected to the net

lol it worked

SiL ..:..

neocracky work?

who gives a fuck about windows does nc work?
My dad is having problemos with his 2000pro comp- u cant run any prog apart from iexplore lols
I installed xp on another partition and havent told him yet!

covert dual boot whohoo

Just to let you know, theres 2 main virus problems that cause that. one is the Sasser Worm (W32.Sasser.A - LSASS 'Local Security Authority Subsystem Service' Exploit) and the other is MSBlast (W32.Blaster.A - RPC 'Remote Procedure Call' Exploit)

Sasser worm link:
http://www.microsoft.com/security/incident/sasser.mspx

MSBlast Link:
http://www.microsoft.com/security/incident/blast.mspx

Hope that helps anyone having the problems.
Its a good idea to get the updates even if you dont have the problem so the exploit wont ever be used on your system.

My particular view:

Format the comp,
Make a restore point before you do anything
Download/buy Norton Antivirus (DL on another PC) and DL defs from another PC, install.
Plug into net
Windows Update
Full Virus Scan

Done.

That's how i'd do it, or as Husk suggested, shutdown -a and then patch it while spamming the -a command