
Author Topic: Blaster Worm-like activity  (Read 1124 times)


shmokes

Blaster Worm-like activity
« on: September 21, 2005, 12:53:33 pm »
Is anyone having that 60 second count-down thing happening?  I suddenly have two computers, both 2000 Pro machines, repeatedly popping up the RPC error message where you get 60 seconds before a forced reboot.

My up-to-date McAfee gives it a clean bill of health.  I also downloaded and installed AVG antivirus, Microsoft's Blaster worm patch, and ran Symantec's Blaster/Nebiwo removal tool and McAfee's Stinger.

According to anything I throw at the computers they are clean, but it's got to be a virus.  Two computers in two offices developed the problem at exactly the same time.  It's killing me.  Anyone?

Havok

Re: Blaster Worm-like activity
« Reply #1 on: September 21, 2005, 12:58:57 pm »
Try the MSRT - it's updated every month:

http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

One other thing: do you use SMS?

missioncontrol

Re: Blaster Worm-like activity
« Reply #2 on: September 21, 2005, 04:12:03 pm »
I'm running 2000 pro and not having any problems here.....


ChadTower

Re: Blaster Worm-like activity
« Reply #3 on: September 21, 2005, 04:13:01 pm »

Could be the problem is on a controlling server and not local.  Forced reboots happen at the command of a network controller.

mrhowell

Re: Blaster Worm-like activity
« Reply #4 on: September 22, 2005, 09:15:28 am »
Go to Control Panel. Run Administrative Tools. Run Services.  Find Remote Procedure Call (RPC) and double click.  Under the Recovery tab, set all three to take no action if they are set to restart.  The Blaster fix I use has always worked; if you need it, send me a message and I will email it to you.
What is that pappy?

ChadTower

Re: Blaster Worm-like activity
« Reply #5 on: September 22, 2005, 09:19:52 am »

If it is a work machine, he is not likely a local admin.  He probably can't do what you're describing.

abrannan

Re: Blaster Worm-like activity
« Reply #6 on: September 22, 2005, 09:24:41 am »
Wow, that's old stuff.  That's LSASS exploit activity (MS04-011 patch).  The same vulnerability that gave rise to the Sasser worm in April 2004.  The 60 second countdown thing occurs when you overflow the buffer in the LSASS process.  It could be that your AV is protecting you from the actual virus code being run on your system, but you're still rebooting from the vulnerability being exploited.  Get the patch installed, and (if you have the appropriate rights) get windump and watch port 445 traffic on your NIC.  You'll probably see something hitting you fairly frequently that shouldn't be (something that's not a domain controller, file server, or helpdesk PC).  That's probably the Sasser-infected system.
If no one feeds the trolls, we're just going to keep eating your goats.
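
The port 445 check described in the reply above, as an added example that is not part of any post in this thread: it counts inbound connection attempts to TCP 445 per source in windump text output and reports sources that are not on a list of expected hosts. The addresses, the capture lines, the function name and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# One windump/tcpdump text line: time, optional "IP", src.port > dst.port: flags.
# Handles the older "S 1001:1001(0)" style and the newer "Flags [S]," style.
LINE = re.compile(
    r"\S+ (?:IP )?(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?:Flags \[)?(?P<flags>[A-Z.]+)"
)

def unexpected_smb_sources(lines, local_ip, expected, min_syns=3):
    """Return {source_ip: syn_count} for hosts outside `expected` that sent
    at least `min_syns` SYNs to local_ip on TCP port 445."""
    syns = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                      # not a TCP/IPv4 line we understand
        if m["dst"] != local_ip or m["dport"] != "445":
            continue                      # only traffic arriving at our port 445
        if m["flags"] != "S":
            continue                      # count new connection attempts only
        syns[m["src"]] += 1
    return {ip: n for ip, n in syns.items()
            if ip not in expected and n >= min_syns}

# Constructed capture: 10.1.2.15 is the rebooting workstation, 10.1.2.2 a
# domain controller, 10.1.2.5 a file server, 10.1.4.77 an unknown peer.
SAMPLE = """\
09:24:41.102 IP 10.1.4.77.3321 > 10.1.2.15.445: S 1001:1001(0) win 64240
09:24:41.103 IP 10.1.2.15.445 > 10.1.4.77.3321: S 2001:2001(0) ack 1002 win 17520
09:24:44.310 IP 10.1.4.77.3325 > 10.1.2.15.445: S 1101:1101(0) win 64240
09:24:47.512 IP 10.1.2.2.1190 > 10.1.2.15.445: S 3001:3001(0) win 64240
09:24:49.700 IP 10.1.4.77.3330 > 10.1.2.15.445: S 1201:1201(0) win 64240
09:24:52.004 IP 10.1.2.15.1044 > 10.1.2.5.445: S 4001:4001(0) win 17520
09:24:55.918 IP 10.1.4.77.3334 > 10.1.2.15.445: S 1301:1301(0) win 64240
09:24:56.000 IP 10.1.3.9.2200 > 10.1.2.15.445: S 5001:5001(0) win 64240
""".splitlines()

if __name__ == "__main__":
    hits = unexpected_smb_sources(SAMPLE, "10.1.2.15", {"10.1.2.2", "10.1.2.5"})
    for ip, count in sorted(hits.items()):
        print(f"{ip}: {count} connection attempts to port 445")
```

Capture with name resolution turned off (`-n`) so that sources appear as addresses the pattern can match.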

ChadTower

Re: Blaster Worm-like activity
« Reply #7 on: September 22, 2005, 09:27:51 am »

Ask if you're the only one getting it.  If everyone is, then it may actually BE the domain controller.

Of course, this isn't your job.  Nice network admins you have there.