OFFICIAL MICROSOFT SOLUTION
NT AUTHORITY / SYSTEM problem !!!!
This is an important notice. As some of you may know, I work tech support for a cable internet provider. Today was a living hell here at work, because literally tens of thousands of people flooded the call center with this worm that has unleashed its fury on ALL versions of Windows, mostly Windows XP and Windows 2000.
I was hit by this thing and it was a bitch to remove. (I didn't remove it; my girlfriend actually did while I was stuck at work (yup, she is a guru like me, lol)), but it got taken care of. Look for a post below real soon for the removal instructions.
Symptoms:
You get a Windows message that says:
System Shutdown:
This System is Shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by the NT AUTHORITY\SYSTEM
TIME BEFORE SHUTDOWN 00:00:60
Message:
Windows must now be restarted because the Remote Procedure Call (RPC) service terminated unexpectedly.
Technical Details
The Remote Procedure Call (RPC) protocol on the Windows operating systems provides a mechanism for a program running on one machine to execute code on another machine. Windows uses the Distributed Component Object Model (DCOM) to help manage communications of Windows components over a network, typically (but not always) the TCP/IP networks used in most environments. The DCOM interface to RPC accepts network connections on TCP port 135, and fails to validate message inputs during the instantiation of DCOM objects. By sending an appropriately malformed RPC message, an attacker can cause a vulnerable machine to execute arbitrary code within the security context of the RPC service, typically the SYSTEM context [1,2].
The researchers who discovered the vulnerability were able to create proof of concept exploits for Windows 2000/XP (running SP4 and SP1 respectively). They were also able to bypass the buffer overflow protections included as part of Windows 2003, and gain SYSTEM privileges there as well.
The vulnerable components of the Windows operating system are installed by default on all versions of Windows, and cannot be disabled without crippling a number of core Windows components.
References:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
http://lsd-pl.net/special.html
http://www.cnn.com/2003/TECH/internet/08/11/internet.attack.ap/index.html
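Since the vulnerable DCOM interface listens on TCP port 135, a firewall or router log is the quickest place to see both sides of this worm: inbound connections to port 135 from outside your network (which a cable-modem customer should never see, and which the ISP or your personal firewall should be blocking), and a local machine opening port 135 on many different hosts in a row, which is the spreading pattern of an infected box. The script below is an added example, not part of the original post or of Microsoft's guidance; the log format, the sample lines and the 192.168.0.0/16 "local" range are constructed assumptions, so adapt the regular expression to whatever your firewall actually writes.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample firewall log (not from the original post). Format, one
# connection per line:  date time ACTION PROTO src_ip:src_port -> dst_ip:dst_port
SAMPLE_LOG = """\
2003-08-11 14:02:11 ACCEPT TCP 203.0.113.5:3921 -> 192.168.1.10:135
2003-08-11 14:02:12 ACCEPT TCP 192.168.1.20:1045 -> 192.168.1.10:445
2003-08-11 14:02:13 DROP TCP 198.51.100.7:4444 -> 192.168.1.10:135
2003-08-11 14:02:14 ACCEPT TCP 192.168.1.10:1039 -> 192.168.1.30:135
2003-08-11 14:02:15 ACCEPT TCP 192.168.1.10:1040 -> 192.168.1.31:135
2003-08-11 14:02:16 ACCEPT TCP 192.168.1.10:1041 -> 192.168.1.32:135
2003-08-11 14:02:17 ACCEPT UDP 203.0.113.9:53 -> 192.168.1.10:1027
"""

# Assumed address range of the local LAN; adjust to your own network.
LOCAL_NETS = (ip_network("192.168.0.0/16"),)

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["sport"] = int(rec["sport"])
            rec["dport"] = int(rec["dport"])
            records.append(rec)
    return records


def is_local(addr, local_nets=LOCAL_NETS):
    """True when addr falls inside one of the configured local networks."""
    ip = ip_address(addr)
    return any(ip in net for net in local_nets)


def external_rpc_hits(records, rpc_port=135, local_nets=LOCAL_NETS):
    """TCP connections to the DCOM/RPC port from addresses outside the local LAN.
    An ACCEPT here means the port was reachable from the Internet: patch the
    host and check it for the worm. A DROP means the firewall did its job."""
    return [r for r in records
            if r["proto"] == "TCP" and r["dport"] == rpc_port
            and not is_local(r["src"], local_nets)]


def rpc_scanners(records, threshold=3, rpc_port=135, local_nets=LOCAL_NETS):
    """Local hosts that contacted port 135 on at least `threshold` distinct
    destinations, the spreading pattern of an infected machine. Returns {src: count}."""
    targets = defaultdict(set)
    for r in records:
        if r["proto"] == "TCP" and r["dport"] == rpc_port and is_local(r["src"], local_nets):
            targets[r["src"]].add(r["dst"])
    return {src: len(d) for src, d in targets.items() if len(d) >= threshold}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for hit in external_rpc_hits(recs):
        print(f"{hit['ts']} {hit['action']} inbound TCP/135 from {hit['src']} to {hit['dst']}")
    for src, n in rpc_scanners(recs).items():
        print(f"{src} opened TCP/135 on {n} different hosts: possible infected machine")
```

On the constructed sample this reports one accepted and one dropped inbound connection to port 135 from outside, and flags 192.168.1.10 as having probed three neighbours, which is the host you would pull off the network and check first.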
Finding and identifying the problem:
Go and get the patch from here, choosing the right version for your system. If you don't know whether your system is "32 bit" or "64 bit", then it's 32 bit.
http://support.microsoft.com/?kbid=823980
Next, check your system for unusual processes that may be running. In particular, watch out for:
(NOTE: THIS LIST IS NOT EXHAUSTIVE. KEEP AN EYE OUT FOR ANY UNUSUAL ACTIVITY.)
MSBlast.exe
rpc.exe
rpctest.exe
dcomx.exe
lolx.exe
worm.exe
Scan with an up-to-date virus scanner to help remove anything nasty that might be left on your system.
Next, visit http://windowsupdate.microsoft.com and grab hold of all critical updates. Yes, all of them. Try to make a habit of doing this on a regular basis. Note that it is the critical updates that are mentioned, not the standard updates: critical updates usually fix exploitable flaws in your computer that hackers or viruses can use to cause problems.
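The two checks above (look for the listed process names, make sure the KB823980 patch is actually on the box) can be scripted so that support staff do not have to eyeball Task Manager on thousands of machines. The script below is an added example, not the post's or Microsoft's code. It reads the process list with `tasklist /FO CSV /NH`, matches image names case-insensitively against the names listed above, and then looks for the hotfix in the registry. The registry paths are assumptions about where a 2003-era hotfix records itself and should be confirmed against the bulletin for your Windows version; a process name that is absent from the list does not mean a machine is clean, and a matching name only tells you to look closer, so the antivirus scan and the patch are still required.

```python
import csv
import subprocess
import sys

# Process names the post lists as indicators of the worm (matched case-insensitively).
INDICATORS = ("msblast.exe", "rpc.exe", "rpctest.exe", "dcomx.exe", "lolx.exe", "worm.exe")

# Assumed registry locations (under HKLM) where the KB823980 hotfix records itself.
# These are illustrative guesses; confirm them against the bulletin for your version.
HOTFIX_KEYS = (
    r"SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB823980",
    r"SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823980",
    r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB823980",
)


def find_indicators(process_names, indicators=INDICATORS):
    """Return the entries of process_names that match a known indicator name,
    stripped of surrounding whitespace, in the order they appeared."""
    wanted = {name.lower() for name in indicators}
    return [p.strip() for p in process_names if p.strip().lower() in wanted]


def running_processes():
    """Image names of running processes via `tasklist /FO CSV /NH`.
    Windows only; returns an empty list on other platforms."""
    if sys.platform != "win32":
        return []
    out = subprocess.run(["tasklist", "/FO", "CSV", "/NH"],
                         capture_output=True, text=True, check=False).stdout
    # With /NH there is no header row; the first CSV column is the image name.
    return [row[0] for row in csv.reader(out.splitlines()) if row]


def hotfix_installed(keys=HOTFIX_KEYS):
    """True if any candidate hotfix key exists under HKLM, False if none does,
    None when not running on Windows (nothing to check)."""
    if sys.platform != "win32":
        return None
    import winreg  # only available on Windows
    for key in keys:
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key))
            return True
        except OSError:
            continue
    return False


if __name__ == "__main__":
    hits = find_indicators(running_processes())
    print("suspicious processes:", ", ".join(hits) if hits else "none found")
    status = hotfix_installed()
    labels = {True: "installed", False: "NOT FOUND, patch this machine",
              None: "cannot check (not Windows)"}
    print("KB823980 hotfix:", labels[status])
```

Run it as the logged-on user on the affected machine; if it prints a suspicious process or reports the hotfix as not found, apply the patch from the KB link above before reconnecting the machine to the network, since an unpatched host gets reinfected within minutes.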