rik Posted August 11, 2003 Share Posted August 11, 2003 As you all probably know by now the NET has been inundated with buffer overflow atacks since about noon CST...Sorry I don't have a screen shot of the message for ya but the verbiage of the message is: "The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM." Below that is a timer that counts down to reboot and below that "Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly."This is due to the exploit that everyone has been alerting us too and telling us to run our Windows Updates. If this does happen to you, enable or run and firewall SW you have and block "MSBLAST" from accessing the NET. Then run your Windows updates... Link to comment Share on other sites More sharing options...
DaveXP Posted August 11, 2003 Share Posted August 11, 2003 Never had one of them before. Link to comment Share on other sites More sharing options...
WildKat Posted August 11, 2003 Share Posted August 11, 2003 Just got the message and it restarted, I enabled the standard XP firewall for my Internet and it seems to be okay now.How is this issue resolved? Windows Update doesnt seem to have the corresponding update Link to comment Share on other sites More sharing options...
rik Posted August 11, 2003 Author Share Posted August 11, 2003 I don't recal exactly which patch covers it...d/l all of 'em... Link to comment Share on other sites More sharing options...
WildKat Posted August 11, 2003 Share Posted August 11, 2003 all of them?! Im still on my 56k, havent updated since SP1How do I disable MSBLAST and will it affect anything? Link to comment Share on other sites More sharing options...
Aaron Posted August 11, 2003 Share Posted August 11, 2003 Yeah I've heard reports from a private newsgroup I go to and appears to be worsening, time to make a news post about this, no matter how old the flaw is! Link to comment Share on other sites More sharing options...
DaveXP Posted August 11, 2003 Share Posted August 11, 2003 This may seem stupid but is it casue by visiting web sites or is it just a radom thing which happens. Link to comment Share on other sites More sharing options...
DaveXP Posted August 11, 2003 Share Posted August 11, 2003 Screenshot for you people Link to comment Share on other sites More sharing options...
WildKat Posted August 11, 2003 Share Posted August 11, 2003 should i delete msblast.exe? my norton is up to date but it doesnt find it as a virus/worm Link to comment Share on other sites More sharing options...
Aaron Posted August 12, 2003 Share Posted August 12, 2003 Symantec are currently writing signatures to remove the worm, hence why there isn't a liveupdate yet.Removal instructions are on the Symantec Security Response page. If you have already patched the RPC Security flaw then msblast.exe is defunct Link to comment Share on other sites More sharing options...
bisco2k Posted August 12, 2003 Share Posted August 12, 2003 for you guys thats getting the 60 second error run through those steps...1 startup your computer2 wait for the 60 second shutdown message3 goto RUN in the start menu & type in "shutdown.exe -a" (minus the quotes)that will stop the shutdown of your computer & can give you time to grab the update patchremember to run a virusscanner to delete all the bullsh*t out ur systemhope this helps Link to comment Share on other sites More sharing options...
darkkavenger Posted August 12, 2003 Share Posted August 12, 2003 What ports is using this attack ? Is there a place where i can check about it ? [heads to symantec security]I think our firewall is locked well enough though.EDIT : I checked about it on Symantec website, and took extra preventive measures, though the servers were already patched and firewall in place.Thanks for the info. Link to comment Share on other sites More sharing options...
Aaron Posted August 12, 2003 Share Posted August 12, 2003 Yep, the Symantec Security Response page on the W32.Blaster worm will tell you what ports to block. Link to comment Share on other sites More sharing options...
Guest shivamparikh Posted August 12, 2003 Share Posted August 12, 2003 just wanted to let you know that this RPC error has hit India too. I live in a part of india thats got a tremedous shock for win 2000 and xp DIAL UP users...dont know about cable though. My cousing in UK (Cambridge) is having the same problem. Thanks AaronXP !!! with ur help and patch updates, i got me and my friends...lots of friends...computers working...and got my cuzin bro and his friends's computers all working too.Keep the news of the microsoft patch on the front page first item for a few days till the worm dies off!Shivam Parikh Link to comment Share on other sites More sharing options...
DaveXP Posted August 12, 2003 Share Posted August 12, 2003 I have the patch on my laptop which i upgrade to windows xp that the weekend and the problem still comes up. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now