
Auto-Reboot by "NT-AUTHORITY-SYSTEM"? SOLVED, RPC vulnerability from Windows*

*sigh*

I got nailed and just finished reinstalling XP. Fsckers. :|



Serves me right for not being vigilant with my updates, I suppose. 😱
 
man...everyone's getting this problem...

now every 2k computer i've encountered is getting this weird svchost.exe blhablabh error problem.....seems to be fixed by the new sp4 and reinstalling every adobe software... 😕
 
BTW, I have the genuine, unaltered install file for the freeware version of ZA ver. 2.6.362, the last good one. PM me, if anyone wants to host it. I don't want to do this more than a couple of times because it's a 3.8 MB upload, slow even on DSL.

It works great on Win 98, NT, 2K and XP, and it doesn't hog resources like ver. 3.xxx. The newer versions also are a bitch to uninstall, including manual reg edits. 😛

< Update >

minendo said he'd host it. 😀 Zone Alarm ver. 2.6.362 -- Free version
 
This has been out for months but it got into the wrong hands and script kiddies are having a ball sending this to every IP on the internet.
 
Originally posted by: DanTMWTMP
man...everyone's getting this problem...

now every 2k computer i've encountered is getting this weird svchost.exe blhablabh error problem.....seems to be fixed by the new sp4 and reinstalling every adobe software... 😕
I'd say anytime you UNINSTALL an Adobe product you are fixing it 😉
 
i'm using kerio firewall... i'm getting hammered on tcp135 extremely hard...
and by the way -

if the machine gives you the 60 second warning - then you can abort shutdown if you need to save something, etc.

go to the run box (start-->run)

"shutdown -a" is the command to run

shutdown will be aborted, but you need to be disinfected quickly 🙂
 
Grr... I just decided to format/reinstall Windows this afternoon so I didn't see this thread. After each seemingly stable install, all I got was this RPC error and reboot. I formatted/reinstalled a total of five times at different clock speeds, eventually slowing my system to a dead crawl, thinking it was some other form of weird ass error.

:|

🙁

I suck. 🙁



Well, thanks to Gregg, I was directed to this thread and was able to patch the system before I got another error and formatted/reinstalled again.


😱
 
What exactly is this RPC attack capable of? I read about it this afternoon.. downloaded the patch and didn't even think about installing it because I was patching my brother's computer and friends' systems.

I leave my system on during supper.. and then when I come back, I find my computer frozen at the desktop. Okay, so I rebooted the system and I get this nvidia boot utility checking for DHCP.. when it finished, I got the ol' "Boot disk failure" message.

I reboot again and noticed that my BIOS wasn't detecting my hard drives. I tried a boot disk and WinXP's setup and they both said that there were no drives installed.
so I was freaked out cuz the hard drive I used to backup my stuff was also not being detected..
I immediately thought someone must have used this RPC exploit on me and screwed up my drives..

but a few reboots later, I booted up into WinXP prof just fine...
anyone know wtf is going on?

is it just my hard drive dying maybe.. or my Epox 8RDA+ mobo screwing up.. ??
 
how come none of these sites actually tell you how it gets into your system in the first place...
 
all it takes is a few network packets to TCP port 135. The code is small and efficient.

Those few packets contain the worm itself. You can get it from a LAN, from dial-up, from wireless, from internet, from any network.
 
Norton just issued an AV update within the last couple of hours. Live Update works. You don't have to d/l from Intelligent Update.
 
Buwahaha. My friend IMs me tonight in a panic. He can't figure out wtf is wrong with his computer but he kept telling me about some NT Authority System problem. I had no idea. I suppose I should drop him an email. 🙂
 
I am so glad I am behind a router and had let windows update patch my box three days ago. One box wasn't patched but it was behind the router and was saved. I patched it as soon as I heard.
 
my friend and cousin just got this virus too 🙁
I fixed one machine so far and told my cousin to disconnect from the internet. damn :\
 
I'm finally getting this under control...I have the new virus definitions, and now I'm doing a full scan. Then I'll do the regedit. Should my system be okay after this?
 