Tech Support banner

Status
Not open for further replies.
1 - 14 of 14 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter #1
hi all,

i am using Windows2000 and i connect to the internet through a ADSL modem. all was working fine till last nite when a pop window saying

The system is shutting dow. Please save all your work before you log off. All unsaed data will be lost. This shutdown is initiated by NT AUTHORITY/SYSTEM. Shutdown is as a result of remote procedure call due to unexpected termniation.

or sth to that effect.

what the hell is happening here :(

tried looking for information on google but couldnt find any.

if the pc is not connected to the internet all works fine.

any help would be greatly apprectiated !

thanks mates
 

·
Registered
Joined
·
1 Posts
I thought it was just me. I had the same problem and I got into work this morning and another guy it as well.

Anyone any ideas??


Thanks

dusteve
 

·
Registered
Joined
·
15 Posts
This is a VIRUS

Most likely. I have heard about it. There is a patch available... but I don't recall where. Good luck! I'd give you some advice on wasy to disable it, but you have to fast at REGEDIT and know what is supposed to boot on your PC. there is a patch available for this virus however... if you can download it 59 seconds. Again, good luck!
 

·
Registered
Joined
·
15 Posts
a patch is available at <URL>http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp</URL> Pick your OS... and download. (cross your fingers, you've only got 59 seconds to get this. If you've got 2000 (please say you do) it is only 900 k, and will take about five minutes. ****! that won't work. There is a way to disable the virus (or at least the shutdown) but I don't recall what it is... or how to do it.

I could probably handle it in the registry, but as I don't have an NT computer, or the virus to play with... I don't know where it stores the launch data.

However, programs are told to launch from the following locations
If you are desperate, just delete everything from those keys. (it shouldn't kill your PC... but you may be out a driver or two and some programs you have set to startup won't start anymore... that is the least of your worries, though.)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
 

·
Registered
Joined
·
15 Posts
The virus name is msblast.exe. If you see this on your computer, your infected. It is also known as the Lovsan worm.

This data came from http://www.f-secure.com/v-descs/msblast.shtml

How to get rid of Lovsan worm in 5 minutes:

1. Boot up the infected computer

2. If you keep getting the "Shutdown in 60 seconds" dialog, click Start / Run, and execute command 'shutdown -a'

3. Download and run the Microsoft patch to close the RPC hole.

Download for Windows 2000 from www.microsoft.com:
http://www.f-secure.com/dl-w2k/

Download for Windows XP from www.microsoft.com:
http://www.f-secure.com/dl-wxp/

4. Download and run F-Secure's F-LOVSAN tool to remove the virus:
ftp://ftp.f-secure.com/anti-virus/tools/f-lovsan.zip

5. You're done.
 

·
Registered
Joined
·
3 Posts
Great! My father in law also has it on two of his computers, I'm not at home now so I cant try it but I will get my father in law on the case!:D
 

·
Registered
Joined
·
1 Posts
i just did control . alt . delete, went into processes and ended msblast.exe process.

im running windows xp
For now i have to do that everytime i start my computer.
It will give you enough time to download any patch you may need.

Hope it Helps,
Guertrude
 

·
Registered
Joined
·
89 Posts
to stop the virus shutting you down, open the command prompt and type shutdown -a

this will stop it from shutting down allowing you to com,pleate the patch download
 
1 - 14 of 14 Posts
Status
Not open for further replies.
Top