NT Authority shutdown

  lesava 08:59 02 May 2004

Some months ago I had the virus which caused the NT Authority shutdown and managed to get rid of it by following the instructions given to other people on this site. Now I have it again, on my PC using XP Pro and my laptop using XP Home. I can't stay on line long enough to look up anything and the PC keeps trying to log on with the message 'You or a programme have requested information from ...' and then various numbers, different each time. I'm using a very old Windows 98 PC at the moment to get on line, which doesn't seem to be affected. I have AVG virus checker on both the PC and laptop which I updated only yesterday but it is not finding anything. Can you help please. thank you. Jane

  AiMs 09:20 02 May 2004

Get the security patch off the microsoft website:

click here

  VoG II 09:33 02 May 2004

"You or a programme have requested information from" sounds to me like some spyware trying to phone home.

Try Ad-aware click here and Spybot click here

  lesava 09:38 02 May 2004

Thank you, I will try those when I can, but first I have to get rid of the shutdown problem, because I can't stay on long enough to run anything from Adware or Spybot.

  VoG II 09:41 02 May 2004

(and I'm not sure that you have)

First, Start, Run and type

shutdown -a

and click OK. This will give you more time (i.e. stop it from shutting down so quickly).

Disable System Restore click here

Next, get the MS Patch. Without it you'll be reinfected every time you connect: click here

Then run either Stinger click here or the Norton removal tool click here or Microsoft's tool click here

When all is OK again, re-enable System Restore.

  lesava 11:09 02 May 2004

Thanks, I have done all that on the laptop, not the PC yet as I'm having to use the monitor on my very old PC in order to get on line.

I had downloaded the patch some time back when I first got the problem. Is this a newer patch?

Stinger did not find anything, and you seem to doubt that this is Blaster? The system is still shutting down on me and also even when not on line, it is freezing or going incredibly slowly.

Any other thoughts?

  VoG II 11:13 02 May 2004

click here possibly but Stinger should have found it.

  lesava 11:53 02 May 2004

Thanks, I've looked at this. I do have a file called Avserv2 in C:\windows. I started to follow the instructions for manual deletion but I not sure if I am correctly putting it into 'safe mode'. I hit the F8 button as suggested and simply get an option to continue, when I hit enter it then proceeds to load as normal. Is it then in 'safe mode? I assumed it was and tried to delete Avserv2 but it will not let me, saying access is denied and suggesting that it may be currently in use. Oh dear, what now?!

  lesava 13:42 02 May 2004

OK, I've since used the Norton removal tool and it found and removed the sasser virus, and I've downloaded the patch. So hopefully all is now well on the laptop, I'll try the PC now. Thanks for all your help.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

WPA2 hack: How secure is your Wi-Fi?

Add Depth Of Field to a photo using Tilt Shift Blur in Photoshop

iPhone tips & tricks

Comment afficher des fichiers cachés sur Mac ?