how did i get infected with blaster?

  hugh-265156 23:37 23 Nov 2003

click here

i was up to date with all the ms critical updates and use outpost and avg all up to date.

also disabled system restore and ran stinger and it found nothing.

shutdown -a didnt work,i also disconected my cable modem.


  pcgal 23:41 23 Nov 2003

sorry for the bl**din obvious........but how do u know its blaster?

  hugh-265156 23:45 23 Nov 2003

well i have spent o few hours reading up on the various symptoms and the "nt athority system" shut down in 60 secs seems to point to it.

  powerless 23:47 23 Nov 2003

@@ in the end i reloaded an acronis image i had taken a month ago and then downloaded a few updates(sorted in half an hour) @@

Did those updates include the blaster one?

  pcgal 23:48 23 Nov 2003

huggy do a search for files/folders for word blaster and report such popup in win32 if u have it

  pcgal 23:48 23 Nov 2003

it should popup

  hugh-265156 23:50 23 Nov 2003

it was installed before i took the image kb824146

wayyyy back when it first came out,july i think.

  hugh-265156 23:56 23 Nov 2003

nothing in the registry when i did a "find next" last night or using "search" then or now.stinger also found nothing.wnnt through the whole procedure to remove and stil the only option was a reinstall.

thats why i am puzzled as to what this could have been.

all i did was click on a link to a web page,i know this is all it takes.

  hugh-265156 00:05 24 Nov 2003

first error i got looked exactly like click here

then the other "cannot be found" or "unable to locate component" appeared afterwards.

  Jester2K II 07:55 24 Nov 2003

This shutdown procedure is not just initiated by MSBlaster.

The shutdown procedure is a SIDE EFFECT of the virus and not a design. The virus causes the RPC Service to terminate by accident. However this then causes XP to Shutdown!

Just because you are having RPC Shutdown problems doesn't mean its Blaster!

Next time can you get a screen shot or as much info off it as possible? shutdown -a should still work as its a command to terminate the shutdown countdown - however if the problem is critical then it might restart the count down.

Esp the then the other "cannot be found" or "unable to locate component" bits....

  hugh-265156 09:02 24 Nov 2003

ok.this is exactly what happened.

earlier in the day i had a "script exploit" as reported by avg.i disabled system restore and ran a scan.avg said it was in my temporary internet files and it could not remove it so i deleted my temporary internet files and ran the scan again.this time nothing was found so i re-enabled system restore again.shut down and went out.

on my return the computer started up ok and got as far as the windows login screen.once i clicked my login i got the error:

NT AUTHORITY\SYSTEM time before shutdown:60secs

"windows must now restart because the Remote Procedure Call(RPC) service terminated unexpectedly"

it also said it could be due to a hardware or network connection problem.

then after that,as it was still counting down i got error after error,after error.i only wrote a few down as there were at least 30 or 40 of them lol!

the errors were just called "error" not system32 error etc.examples as before:

"avg set path failed"

"browseui.dll,unable to locate component"

system32\lsass.exe cannot be found"

C:\$mft cannot be found"

after 60secs were up the screen went blue and the computer did not restart,i had to hit the off button.i disconnected from internet physically,removed all usb connections etc and tried again,same thing,could not get into windows at all.

safe mode worked ok and i went straight to msconfig,the only items at start were avg and outpost as normal.i unticked them anyway and tried it again,still the i went back to safe mode and ran a disk check all ok,no errors,bad sectors etc.tried using search and find as above.i ran stinger and it said all my files were healthy.avg would not run in safe mode.

in the end i gave up,formatted the drive and loaded up an image.

maybe it wasnt blaster.but i am sure the earlier script error had something to do with it.if it didnt then what else would cause this?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Dell XPS 13 9370 (2018) review

The art of 'British' pulp fiction

Best password managers for Mac

TV & streaming : comment regarder le Tournoi des Six Nations 2018 ?