Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

shutdown in 60 seconds

  • 07-04-2004 8:19pm
    #1
    Closed Accounts Posts: 725 ✭✭✭


    Under a freash windowsXP install a friend of mine gets the following error.
    The system runs fine untill he connects to the internet and aftewr 5 mins he is presented with an error message something like the following.


    "NTAuthority/system remote procedure will shut down in 60 seconds"

    Once the 60 seconds counts down the computer shuts down.
    sorry I cant be more spacific about the error message but thats all I can get.


Comments

  • Closed Accounts Posts: 14,983 ✭✭✭✭tuxy


    blaster worm


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    He has a blaster worm.
    Google for it.

    Fresh installs of XP SP1, should always be followed by installing a firewall that blocks all but HTTP traffic and then connecting to internet/network, and downloading all windows updates.


  • Closed Accounts Posts: 545 ✭✭✭ColmOT [MSFT]


    Make sure that you install patch KB824146 from Windows Update. This is the fix to prevent infection with Blaster.


  • Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 28,536 Mod ✭✭✭✭Cabaal


    No matter how many times I hear users getting this message it still makes me kinda laugh especially when they try say its my fault :p


  • Registered Users, Registered Users 2 Posts: 1,479 ✭✭✭catho_monster


    ok. i have this thing too.
    but i havent installed any
    Fresh installs of XP SP1
    it just started coming up with no reason...


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    Seamus was describing what you should be doing.

    Now that you've got the virus
    follow the instructions and download the patches recommended at
    http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
    to prevent your PC from restarting and fix the problem.



    I'm assuming your PC is on a home dialup,
    so install a software firewall,
    switch off netbios over TCP, and file and printer sharing on your internet network adapter.

    Then patch your PC (windows / ie/ office) and repeat each month.
    I know it's a B***** to do on a dial up connection, especially since MS stopped allowing PC magazines to distribute service packs but you can use windows update to get Q patch numbers and download the large files from a company or uni network.

    OT
    Can our resident MSFT impersonator explain why MS stopped us from securing our PC's using magazine Cds? Technically I'm not legally allowed to make up a monthly patch CD for colleagues home PC's which indirectly is a risk for the business.


  • Registered Users, Registered Users 2 Posts: 13,016 ✭✭✭✭vibe666


    with reference to the windows update problem, what you need is AutopatcherXP from Neowin.net it does all the XP patches from SP1 to current and is released as an update on a monthly basis. Very handy.


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    Nice one. Thanks.


  • Registered Users, Registered Users 2 Posts: 26,584 ✭✭✭✭Creamy Goodness


    to abort the shutdown type
    shutdown -a

    in the start >> run


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    to abort the shutdown type
    shutdown -a

    Providing you've got
    Windows XP or
    resource kit installed on Windows2000


  • Advertisement
  • Closed Accounts Posts: 1,166 ✭✭✭Johnny Versace


    Click Start > Run. The Run dialog box appears.
    Type:

    SERVICES.MSC /S

    in the open line, and then click OK. The Services window opens.


    In the right pane, locate the Remote Procedure Call (RPC) service.


    CAUTION: There is also a service named Remote Procedure Call (RPC) Locator. Do not confuse the two.


    Right-click the Remote Procedure Call (RPC) service, and then click Properties.
    Click the Recovery tab.
    Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service."
    Click Apply, and then OK.


    CAUTION: Make sure that you change these settings back once you have removed the worm (change "Restart the Service" back to "Restart the Computer".)

    You then need to download the Blaster Virus removal tool. You can get it here -
    http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

    ...

    Beware that the Blaster virus could be on your D:/ or E:/ and is waiting to reinfect C.

    Also, stop opening attachments from people you don't know, or anything that is not a ZIP or graphic or movie.


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    Some of the blaster variants spread only through the RPC hole, not mail.

    Which is why file/printer/netbios/iis/msde and the other unnecessary stuff should be disabled.


    Every second mail virus these days bundles itself within a zip.

    Lots of others use the
    .gif <lots of spaces> .pif
    or
    .mpeg <lots of spaces > .exe
    that is easy to miss.

    or the html link exploit, that opens the enclosed file.

    Hard and fast rules like this don't work well under windows.
    Which is why a virus checker and firewall are desirable.

    (preferably both hardware and software, since viruses are around that target a particular security product and use its vunerabilities to rip apart your machine)

    There's plenty of threads recommending products along these lines, so I won't rehash them.


  • Closed Accounts Posts: 1,166 ✭✭✭Johnny Versace


    Sure, I wasn't trying to give all the hard and fast rules, just pointing out that general awareness is the first line of defence...


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    Sorry, no criticism intended.

    As a supercillious \. reading IT-know-it-all, I used to give the same advice last year, but the virus kiddies made the suggestions invalid again.

    I know people well smarter than me and with AV that got caught by the first weekend of blaster or netsky variants, and so felt the "stop opening attachments " assumption to be a little harsh, given that there's so many areas that have to be maintained, which no-one is taught about except through experience. Half of them haven't even been mentioned in this thread.

    E.g
    Get your rotating backup strategies ready for when vicious feckers alter these to rot harddrive data as opposed to propagation, like the witty worm.


  • Closed Accounts Posts: 191 ✭✭MadKevo


    Originally posted by ressem
    Sorry, no criticism intended.

    As a supercillious \. reading IT-know-it-all, I used to give the same advice last year, but the virus kiddies made the suggestions invalid again.

    Was going to ask what backslash-dot was, but I suppose it is a Windows specific board...!!
    Just my little joke.
    Me goes back into lurk mode again...:ninja:


  • Registered Users, Registered Users 2 Posts: 15,956 ✭✭✭✭Villain


    I got this when it first arrived and installed the patch and removed the worm.

    However it started re-appearing again last week and I can't get rid of it.

    I ran stinger and it foung Blaster.b deleted that and installed patch again

    Following day it happened again, ran stingert and it found blaster.d

    What am I doing wrong??


  • Registered Users, Registered Users 2 Posts: 20,553 ✭✭✭✭Dempsey


    Originally posted by ressem
    Providing you've got
    Windows XP or
    resource kit installed on Windows2000

    The blaster worm only infects Xp


  • Registered Users, Registered Users 2 Posts: 3,177 ✭✭✭oneweb


    Originally posted by Dempsey
    The blaster worm only infects Xp
    Incorrect, it infects NT based systems (Win2k AND XP). I should know - I had to present my final year project in a room full of poxy blaster infected W2K machines :mad:

    It is what it's.



Advertisement