Archived from groups: microsoft.public.windowsxp.newusers (
More info?)
Not sasser, but blaster. However, the method to stop the shutdown is the
same.
Information:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.pchell.com/virus/msblast.shtml
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342
You need the patch described here to protect against it:
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146
Problem is, you needed to install the patch BEFORE you got infected to avoid
it.
--
Best of Luck,
Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org
"NoNoBadDog!" <mysocks_bjsledge_AT_pixi.com> wrote in message
news:eIheFclWEHA.4064@TK2MSFTNGP11.phx.gbl...
> Congratulations!
>
>
>
> Your system is infected with the much publicized Sasser worm. You have
> allowed
> yourself to become infected because of ALL of the following;
>
>
> 1. You have not updated your version of Windows.
>
> 2. You are not using an UP TO DATE antivirus program.
>
> 3. You connected to the internet without a firewall on your computer.
>
> Until you correct ALL of the above situations, you will remain vulnerable
to
> infection not only by SASSER, but also by the thousands of other worms,
> viruses, trojans, keyloggers, spyware, malware, etc.
>
> Because you do not practice even the most basic level of computer
security,
> you are not only a threat to yourself but to the entire internet
community.
> When your machine is infected, it looks for other machines, owned by
persons
> like yourself who have poor computer security practices, to infect.
>
> First, disconnect from the network.
>
>
> When the shutdown message appears, go START > Run and type in
"shutdown -a"
> (without the quotes), and hit the enter key.
>
> Download the Windows critical update and the SASSER removal tool.here are
> the
>
> links..
>
>
>
> Security Update:
>
>
>
>
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en
>
>
>
>
>
> and the SASSER removal Tool:
>
>
>
>
http://www.microsoft.com/downloads/details.aspx?FamilyID=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en
>
>
> After rebooting, go to the website of the company that makes your
antivirus
> program and download all the updates that are available. If your
antivirus
> has expired, you must
> purchase a new one.
> Third, go to www.zonealarm.com and download the FREE firewall.
> Keep your version of Windows updated. Always install any critical patches
> that are posted to the Microsoft update website.
>
> Keep you antivirus program up to date. New virus detection signatures are
> released nearly on a daily basis, so this is something you should do every
> day. Not once a month, or "when I have time", or "when I remember".
>
> Once you have done these things, you will find your internet experience to
> be much safer and happier.
>
>
> Bobby
>
>
>
>
>
>
>
> "baker" <anonymous@discussions.microsoft.com> wrote in message
> news:2145601c45a51$3e486840$a401280a@phx.gbl...
> > New user of XP today. First time and each time since,
> > checking email with XP-I got error message...from NT
> > AUTHORITY SYSTEM (?) something about Remote Procedure
> > Call. When I did a search on Microsoft with Remote
> > Procedure Call, Wormblaster virus showed up under one of
> > the articles. I did a virus scan update and scan and my
> > report was clean. Anyone know what either NT AUTHO. SYS.
> > is or Remote Proc. Call?? and waht I should do about it??
> >
> > Thanks
>
>