NT AUTHORITY\SYSTEM RPC EXPLOIT WORM read now!

May 22nd, 2004, 12:24 am

Go to this page:

http://www.blackviper.com/AskBV/tech10.htm

Print it in its entirety from your machine if possible or a friends / internet cafe etc. Specifically check the 'Second' area for notes on stopping your machine from rebooting. The below command stops it:

shutdown -a

It discusses a way of stopping the auto shutdown from happening thus allowing you to work on it at your leasure.

Also try and get someone to burn you a copy of Zonealarm (free) from Zonelabs.com or any other firewall software. That should allow you to safely browse the net to get fixes etc.

S

June 5th, 2004, 1:54 pm

All that u can do is wait for the antivirus definitions of next month. But u can have temp. relief if u STOP using IE. Use Netscape 6/Neoplanet/Opera/MSN explorer instead. IE6 has something to do with a file called LSASS.EXE . It updates that file from the internet which in turn spreads the worm if u rnt behind a firewall. Changing ur browser would also allow u to continue using MSN msgr, ICQ , Yahoo Msgr. , MiRC etc. BELIEVE ME.. ive switched to Netscape & MY PROB IS SOLVED.

June 5th, 2004, 6:40 pm

Hey, hows it going ashley?
I created thisa ccount here for the soul purpose of answering this question after this I won't be here..

Just cause I like to help Damsels In Distress, and I really am your enemy. Webmasters piss me off. Run some exploits on your servers and you go inform the federals. Panzies.

Anyways, Listen to the solution (I studied this worm, pretty harmless)

OK next time this happens Ashley do this.

Go to Start --> Run--> type: shutdown - a , this should stop the computer from shutting off. Basically its like putting it in Safe Mode.

You can work like this, but you can do what needs to be done.
Go download an antivirus my suggestion is AVG its free.

The site is http://www.grisoft.com. Download that. Wait to activate it. Activate it. Then Restart the computer. And do a scan , or do a scan before restarting. It should fin the bug. After this, go to the Windows Update page. ( Search on google, cause i forgot the link) And update!!!!

Unless of course you have a ilelgal copy of the OS.
In that case....umm your screwed. ? Lol..jks.
If its illegal talk to me on my email : titussoporan@hotmail.com

I don't want to discuss that here.
Well I hoped that help.

-----------------------------------------------

7h3 m@55 pIR@73r

the leetness is unbearable

June 7th, 2004, 11:49 pm

I have been online for about 6 weeks -- so I know absolutely nothing. The NTAUTHORITY\SYSTEM pop-up has been driving me crazy for the last 2 weeks. Unfortunately, yesterday (before I knew this forum existed) I stopped the shutdown cycle -- and now really have problems. Please help me get rid of this RPC Exploit Worm. I have limited knowledge of technical terms, so I need to know in simple language what to do -- I can't even send an email -- says I don't have enough memory. It won't let me get into Microsoft update sites, my Norton Antivirus won't scan now, my firewall is not enabled -- I don't know what to do. I am 60 years old and have no one to help me learn about the internet. Please tell me how to get rid of this. Thank you.

June 8th, 2004, 5:40 pm

Type Shutdown -a and that will stop the message that says 60 sec to shutdown

June 8th, 2004, 6:43 pm

it deosnt work on me

January 4th, 2005, 4:29 pm

PLEASE help me!!! I've done everything these ppl are telling me and this worm is STILL HERE!!! Although...it only starts when i try to run Ad-Aware Personal edition 6.0 and it will shutdown.... I've done the dang Registry Edit...nothing there that they said was...Ctrl-Alt-Delete...nothing there...although 3 suspicious items have popped up recently...don't know if this is the same worm WinComm.Exe, WinCtlAd.exe, WinCtlAdAlt.exe and WinLock.Exe this is really annoying me... please help!!!


AOL INSTANT MESSENGER S/N- xxfhspatriotxx
EMAIL-Shadowwolf1262@yahoo.com
Yahoo IM- xxmikevercellixx

Desperate for fix

January 5th, 2005, 10:39 am

here is a small tip that will give you time to scan your PC and install a firewall (i suggest Zone Alarm and i also suggest you get used to it cause its a bit tough)

When you get the message, just set you time to 4 hours less (yes the clock on the right of the task bar...)

It will give you enough time to scan and clean your PC and also install Zone Alarm (or set the XP firewall is you're using it and have sp2 installed)

August 20th, 2005, 2:11 pm

I am having the same problem with the shut down. I don't have the virus when I hit cntrl alt del anymore but when I go to use adaware my auto shut down starts. Is there anything I can do. I have tried to download new updates but it says I don't need them and won't download it. then I run my etrust and get trojan viruses constantly. So.... is there anything I can do at this point?

thanks in advance

July 1st, 2006, 11:22 pm

I am experiencing the very same problem and i tried all the suggestions i found here and some other tricks i know, and nothing has worked. the virus is not stopping me from using the internet, however it does bring up the NT AUTHORITY\SYSTEM message and shuts down my computer every time i try to use AdAware. i downloaded the symantec blaster worm fix tool and the first time i ran it it said that it had detected the blaster worm on my computer and then said it has successfully removed and fixed the problem. i also bought and set up norton firewall and renewed my antivirus support. i also ran Search and Destroy by Spybot and nothing has removed it it seems. i have also made sure noone can remotely access my computer, as i saw suggested somewhere.

As i said i am only experiencing this message when i try to run adaware, so far it seems to not have infected any other operations on my machine, and i am all out of ideas. when i run the symantec blaster worm fix tool now it says no worm detected, so i dont know what else to do. Could anyone offer any suggestions for me?

Iam also on a pc that is running XP Professional SP1, so i dont know if that has something to do with it, but when i downloaded sp2 lasrt time it gave me the blue screen of death and ruined my hard drive so i had to replace it. now im scared to download SP2, if anyone knows how i can safely install SP2 on a pretty old machine id like to know how to do that as well(dell told me that SP2 doesnt like some older machines and will make em crash, so thats why im scared to update to SP2)

July 2nd, 2006, 12:07 am

Try following the instructions in this post:
http://www.ozzu.com/ftopic34568.html
Just ignore the part about running Adaware but try SpyBot Search & Destroy.
Create a new topic for the Hijack This log rather than posting it in this topic though, that way this topic won't become full of HJT logs

I'm wondering if maybe a piece of spyware is detecting adaware running and shutting down something that isn't supposed to be closed in its own protection. Either that or Adaware has a serious bug in it that is causing it to happen.

The online virus scanners mentioned in that post should remove things like MS Blaster etc as well.

February 14th, 2008, 7:50 pm

disconnect your connection to the net. this seems to stop the worm from executing itself.

November 1st, 2009, 8:35 pm

Goodness. Didn't read all replies don't hate for me for posting this if its already been posted. Somehow, I've countered this and its 2009!

Anyways, I registered just to give some info about this virus.

If it gives an attempt to shut down your computer.

Go to the start menu > hit run >
type:
shutdown -a
and it stops it. Now that is just for emergencies for like trying to find the patch but it tries to shut you down.