Tech Support Forum
Status
Not open for further replies.
61 - 80 of 93 Posts

·
Registered
Joined
·
4 Posts
KB823980 ERROR

I too had the problem installing the MS fix for the blaster worm, receiving the KB823980 Error - Setup could not verify the integrity of the update.inf. Make sure the cryptographic service is running on this computer.

I confirmed the service was running and that it was starting automatically.

I then used the previous post, and stopped the service from running, and renamed the catroot2 folder, restarted the computer, downloaded the fix, and Bob's your uncle.

Thanks all, this will be a forum I will regularly check from now on.
 

·
Registered
Joined
·
7 Posts
The bat file posted by aeiron implements the procedures outlined in the post on page 3 by lachrymist. Since the procedure comes from MS, it should be safe.

I won't have time to try this till tomorrow. If anyone else has success with it, please post.
 

·
TSF Team Emeritus
Joined
·
5,580 Posts
oh

and this is what mess.be had to say about it, and i quote:

"Updated Security threat: beware MsBlast.exe

dwergs says:
Updated: D'z warned me about this earlier on and now Symantec released a security report regarding the W32.Blaster.Worm.

This worm will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe.

You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applications listed:

TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch your computer against the DCOM RPC vulnerability.

To find out whether you're infected, press Ctrl+Alt+Del and verify if the process 'MsBlast.exe' is running. If it is, kill the process MsBlast.exe from the task manager. Next, execute regedit.exe and search for the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Delete "windows auto update"="msblast.exe" from the right pane.

Final step: delete msblast.exe from either the Windows System and/or System32 folders.

Update #2: Do these instructions stupefy you? D'z was one of the very first to create an auto-cleaner for this worm, and now Symantec released a removal tool.

[Detailed removal instructions: Symantec.com]"

this doesn't say anything at all about this being related to msn, or the msn messenger, or any of ms's products except the fact that it affects windows machines...

so, now i am truly confused about what was said

~BoB~
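The three manual checks listed in the quoted advisory (running process, Run key value, file on disk), collected into one read-only batch script. This is an added example, not part of the original post or the advisory; it assumes `tasklist` and `reg` are available (`tasklist` ships with XP Professional but not XP Home) and it only reports, it deletes nothing.

```batch
@echo off
rem Added example: read-only check for the Blaster indicators named in the
rem quoted advisory. Exit code is 1 if any indicator is found, 0 otherwise.
setlocal
set FOUND=0
set RUNKEY=HKLM\Software\Microsoft\Windows\CurrentVersion\Run

rem 1. Is the process msblast.exe running?
tasklist /FI "IMAGENAME eq msblast.exe" 2>nul | find /I "msblast.exe" >nul
if not errorlevel 1 (
    echo [!] Process msblast.exe is running
    set FOUND=1
)

rem 2. Is the autostart value "windows auto update" present under the Run key?
reg query "%RUNKEY%" /v "windows auto update" >nul 2>&1
if not errorlevel 1 (
    echo [!] Run key value "windows auto update" is present
    set FOUND=1
)

rem 3. Is msblast.exe in the Windows System or System32 folder?
for %%D in ("%SystemRoot%\System32" "%SystemRoot%\System") do (
    if exist "%%~D\msblast.exe" (
        echo [!] File found: %%~D\msblast.exe
        set FOUND=1
    )
)

if "%FOUND%"=="0" echo None of the indicators from the advisory were found.
endlocal & exit /b %FOUND%
```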
 

·
Registered
Joined
·
12 Posts
First off, let me say thanks to all, as I too got infected using XP Pro this week and was able to cure all (so far) with this forum's aid. The combo of the patch, regedit and deleting of msblast.exe from system32 folder did the trick for me. I enabled my firewall, which I swore was running prior to contamination but it was not so...
This was my first known virus in 8+ years, running multiple OS's in that span without the aid of AV support. Has anyone had issues with system speed since the patch? My PC seems hungover; could it be any unknown after effects? The only funky thing after the msblast repairs was the need for me to remove my CD burner from Device Manager, which was recognized only as a CD-ROM. I have 2 CD burners, but it only affected the one, the D: drive.
Just thought I'd share and see if this may have been related to an unknown or uncommon side effect and say thanks again for the shared knowledge base.
 

·
Registered
Joined
·
12 Posts
Just to update - after running Trend Micro's HouseCall, I removed the following files from windows\system32 folder

dcom.exe
lolx.exe
sysval32.exe
a temp int folder from local settings
the same 3 exe files were also found on the root directory.

Things are purring once again. Thanks to all for the help!
 

·
Registered
Joined
·
1 Posts
cable modem issues

since i cleared out the virus (thanks so much to the help of EVERYONE in this forum, it saved my life, plus i took all this info up to the best buy i work at and it helped a lot of people), my cable modem has been blinking on and off, working, not working, roughly every five minutes it goes thru this fit. i did everything posted here, plus installed the zonealarm firewall.

i was up at my isp, paying a bill and i asked the girl working there what the deal was, she said that the virus was essentially living within my modem, and that i needed a firewall.

well, now i have a firewall, and still, no luck.

any ideas? i'm not sure if i've missed something or what...

please feel free to im me via aim @ xdharmaxbumx, i'm generally always online (except when the net blinks out)


thanks!
 

·
Registered
Joined
·
2 Posts
I am having the same exact problem "pilotlight" is having. I don't get the RPC error again but my whole PC is messed up. I can't even cut and paste anymore nor access the links posted here just by clicking on it. I have to type it out manually in the browser window.

Everything that was posted on this thread I have already tried. My cryptographic service simply WILL NOT start up. I have tried the fix.bat as well as manually entering the values in CMD. I only get: System error 1068 has occurred. The dependency service or group failed to start.

Does RPC have something to do with it? I have tried to start it in the services but get error 1058 lol.

Any help is much appreciated. Thanks!
 

·
Registered
Joined
·
6 Posts
I'm having the same problem as decibel, and booting in safe mode and trying all the fixes doesn't work either. Cryptographic services will not start with the bat file or by manually starting in the cmd. I no longer have the functions of cut and paste and a lot of settings have been changed too. Anything I can do?... otherwise I'm just gonna format c and reinstall xp
 

·
Registered
Joined
·
7 Posts
Wanted to thank everybody, especially Lachrymist for the re-register info and aeiron for putting same into a nice typo-saving bat file. Worked like a charm.

Wish we could now solve the problem for those whose Crypto service apparently won't even start.... I don't have a clue. If you go into the services window (services.msc /s from run window) and try to start it, what happens?
 

·
Registered
Joined
·
5 Posts
Batch file fails.

manually registering all dll's: works except crypto so no go there

I have a dual boot into windows 98, doesn't help though

msblast is gone now

msblast seems to have come with "some other file" not described as msblast causing all those issues. I noted above some virus potential files that were removed, i will try those next.
 

·
Registered
Joined
·
6 Posts
when i try to get cryptographic services to restart it says: error 1068 dependency service or group failed to start. Also everything works in the command prompt to re register the dll but starting crypto doesn't work.... grrrrrr.
 

·
Registered
Joined
·
7 Posts
Error 1068

I have learned the following:

For Cryptographic services to start, RPC service must be running first. You find this out by opening the services window (run - services.msc /s) then right-clicking on cryptographic services and selecting properties. From there you can find the dependencies. That's what error 1068 means - that a required service the requested service is dependent on isn't running. Since RPC is the service that the worm attacks through, could it be stopped on your computer? I'd go to the services window and check it out.

If you can't keep RPC running because of the worm, go to the services window, right click on RPC (NOT RPC locator) and select properties, then choose the recovery tab. Under this window, set the three places where "restart the computer" appears and change the settings to "restart the service". This keeps RPC running and may allow you to get Crypto service started. Remember to put the settings back later!!

I'm guessing at all of this, but it's what I'd try next.

Good luck.
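The same dependency and recovery checks done from the command prompt, for anyone who cannot open the service properties dialog. This is an added example, not part of the original post; it assumes the short service names `CryptSvc` (Cryptographic Services) and `RpcSs` (Remote Procedure Call), and the `set-restart` argument is a name made up for this script.

```batch
@echo off
rem Added example: show why CryptSvc fails with error 1068 and, optionally,
rem switch the RPC service's failure action to "restart the service".
setlocal
set SVC=CryptSvc

rem List the services CryptSvc depends on and whether each one is running.
rem Only the first DEPENDENCIES line of "sc qc" is parsed here.
echo Dependencies of %SVC%:
for /f "tokens=2 delims=:" %%A in ('sc qc %SVC% ^| find /I "DEPENDENCIES"') do (
    for %%S in (%%A) do call :state %%S
)

rem Show the current recovery settings first, so they can be put back later.
echo.
echo Current recovery actions for RpcSs:
sc qfailure RpcSs

rem Only when called as:  thisfile.bat set-restart
rem change all three failure actions to "restart the service" after 60 s.
if /I "%~1"=="set-restart" (
    sc failure RpcSs reset= 86400 actions= restart/60000/restart/60000/restart/60000
    echo Recovery actions changed. Restore the values printed above when done.
)
endlocal
goto :eof

:state
rem "sc query" prints e.g. "STATE : 4  RUNNING"; token 4 is the state name.
for /f "tokens=4" %%X in ('sc query %1 ^| find "STATE"') do echo   %1  %%X
goto :eof
```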
 

·
Registered
Joined
·
5 Posts
quick comment

not sure if others are aware

for the crypto issues:
i am not able to right click and go into properties on any service, only able to do dos commands.

run - services.msc /s

have to look up that, or another way to run it manually, that should help though thanks


ADD:
found this under NT
net start rpcss
 

·
Registered
Joined
·
2 Posts
Help

i need help cuz i keep on gettin that **** shut down thing too an i dont kno what it means. im computer retarted. i talked to my brother an he told me to go to a site but when i was downloadin the thing he told me to download that stupid shut down thing popped up an restarted the computer.

it just popped up again **** it plz help me thanks
 