Jump to content
Ghost Recon.net Forums

Recommended Posts

For some reason, for the past few minutes, after I get online, I get some wierd error box come up...it says "THE SYSTEM IS SHUTTING DOWN. PLEASE SAVE ALL WORK." then it says sthis shutdown was initiated by NT AUTHORITY\SYSTEM

then something about Windows must restart because the RPC service terminated.

Link to post
Share on other sites
  • Replies 86
  • Created
  • Last Reply

Top Posters In This Topic

Im getting the same problem. It is a virus. It's called msblast. Ctrl + Alt + Delete and cancel the process. Now, open up the registry, and go to:

HKEY LOCAL MACHINE | SOFTWARE | MICROSOFT | Windows | CurrentVersion

Then, click on Run. The name will be in all lower case letters, and it's called msblast under Data. Delete it. Im running a virus scan now but picking up nothing. Stay tuned.

Edited by Crimson
Link to post
Share on other sites

Yep....been doing it to me for 2 days. Sigh. Windows strikes again.

I came up clean on the virus scan incidentally.

What is that msblast anyway? Anyone know?

Edit:

Looks like some kind of search something or other. Sigh. Does anyone know what it hitched a ride on to get into our systems?

Another edit:

Deleted that file. System shutting down on me again. Sigh.

Edited by SOTOPhantm
Link to post
Share on other sites

omg, I was just talking to Chems, he's got it, we where talking on MSN. He gave me a screen of the error box, he'll be so happy about this post, lol.

How has so many people got it at the same time?

Link to post
Share on other sites
msblast is an X-windows interface utility to do BLASTing on multiple sequences. This program uses network BLAST programs.

msblast program was developed and produced by Rao Parasa and John Powell of CIT at NIH.

Msblast seems to have beneficial uses too...are you sure it is the problem?

Link to post
Share on other sites

Read This!

When W32.Blaster.Worm is executed, it will do the following:

Adds the value:

"windows auto update"="msblast.exe"

to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the worm runs when you start Windows.

Send data on TCP port 135 that may exploit the DCOM RPC vulnerabilty to allow the following actions to occur on vulnerable machine:

the worm to be download and run using the program tftp.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...