Is there some new version of the blaster worm around?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I am having a known problem in an unknown area: My Windows 2000 1.6 GHz AMD
K6 Compaq machine is continuously rebooting. The new problem appears to be
that it doesn't revolve in a continuous loop, the machine works for anything
from a few seconds to a few minutes before automatically rebooting.  I
haven't found any reference to this on line

And it DOES connect to the Internet. I did manage to download multi_av and
run Trend and Kaspersky. Trend  and Kaspersky found nothing, both in normal
and safe modes.  I then tried to run  Sophos and was running when I went to
bed, after which I woke up the next morning and found the computer at the
log in screen again, which indicates either that it found nothing or that it
simply rebooted before Sophos could find anything

Has anyone seen this before?



Re: Is there some new version of the blaster worm around?

From: "news.rcn.com" <news.rnc.com>

| I am having a known problem in an unknown area: My Windows 2000 1.6 GHz AMD
| K6 Compaq machine is continuously rebooting. The new problem appears to be
| that it doesn't revolve in a continuous loop, the machine works for anything
| from a few seconds to a few minutes before automatically rebooting.  I
| haven't found any reference to this on line
|
| And it DOES connect to the Internet. I did manage to download multi_av and
| run Trend and Kaspersky. Trend  and Kaspersky found nothing, both in normal
| and safe modes.  I then tried to run  Sophos and was running when I went to
| bed, after which I woke up the next morning and found the computer at the
| log in screen again, which indicates either that it found nothing or that it
| simply rebooted before Sophos could find anything
|
| Has anyone seen this before?
|

Worms such as Lovsan/Blaster and DSasser and their successors;  SDBot, RBot,
GAOBot, MyTob,
RadeBot, etc...  would generate a 60 sec. NT AUTHORITY\SYSTEM shutdown message
such as...

NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status code
-1073741819

    or

NT AUTHORITY\SYSTEM
Windows must now restart becuase the Remote Procedure Call (RPC) service
terminated
unexpectiedly.

With the RPC message, you can get that for "other" reasons not realted to worm
activity.

In all the above casees TCP protocols are exploited.  TCP port 135 for RPC/RPCSS
DCOM and
TCP port 445 for the LSASS module.  Using a simple NAT Router such as the
Linksys BEFSR41
greatly mitigates such internet worm port exploitations.

You have NOT shown any substantiating information to show this is worm
exploitation.

Most system aut-reboots are caused by hardware problems.  CPU, RAM modules, CPU
fan, etc.




--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Is there some new version of the blaster worm around?

'news.rcn.com' wrote, in part:
| I am having a known problem in an unknown area: My Windows 2000 1.6 GHz
AMD
| K6 Compaq machine is continuously rebooting.
_____

Have you considered a hardware problem?  That seems more likely than malware
since scans have found nothing.

Phil Weldon

"news.rcn.com" <news.rnc.com> wrote in message
|I am having a known problem in an unknown area: My Windows 2000 1.6 GHz AMD
| K6 Compaq machine is continuously rebooting. The new problem appears to be
| that it doesn't revolve in a continuous loop, the machine works for
anything
| from a few seconds to a few minutes before automatically rebooting.  I
| haven't found any reference to this on line
|
| And it DOES connect to the Internet. I did manage to download multi_av and
| run Trend and Kaspersky. Trend  and Kaspersky found nothing, both in
normal
| and safe modes.  I then tried to run  Sophos and was running when I went
to
| bed, after which I woke up the next morning and found the computer at the
| log in screen again, which indicates either that it found nothing or that
it
| simply rebooted before Sophos could find anything
|
| Has anyone seen this before?
|
|



Re: There are no google results which point to re-starting being emblematic of any particular hardware problems


Quoted text here. Click to load it

I was a bit scared to think about that as I wouldn't know how to isolate it.
But I was suspicious as there is never an error message, just a simple shut
down and restart. Does the OS generate a log anywhere which might enlighten
me?



Re: There are no google results which point to re-starting being emblematic of any particular hardware problems

news.rcn.com wrote:
Quoted text here. Click to load it

XP, I assume, otherwise you'll need to google for instructions:

System Properties-->Advanced-->Startup and Recovery (click "Settings").
Under "System Failure," untick the "Automatically Restart" box. You'll
then be able to get a look at the BSOD.

You might also want to check Event Viewer for error messages.

--
Rhonda Lea Kirk

Happiness limits the amount of suffering one is
willing to inflict on others. Phèdre nó Delaunay



Re: There are no google results which point to re-starting being emblematic of any particular hardware problems

'news.rcn.com' wrote:
| I was a bit scared to think about that as I wouldn't know how to isolate
it.
| But I was suspicious as there is never an error message, just a simple
shut
| down and restart. Does the OS generate a log anywhere which might
enlighten
| me?
_____

Probably not.  You report a reboot with no notice, so there is unlikely to
be any type of event entry.  Just a guess, but what you have might be an
overheating problem or a power supply problem.  You could check the CPU and
motherboard temperatures, and you could try swapping the power supply for a
known good supply.  Since you write "as I wouldn't know how to isolate it",
consider warranty repair in applicable or a good computer repair shop.  Also
you could try posting in a hardware oriented newsgroup; this really isn't
the place to get extensive help diagnosing a hardware problem.  Sine you
have no positive indication of malware a hardware problem related to heat,
age, or failing power supply is likely.

Phil Weldon

"news.rcn.com" <news.rnc.com> wrote in message
|
| > Have you considered a hardware problem?  That seems more likely than
| > malware
| > since scans have found nothing.
|
| I was a bit scared to think about that as I wouldn't know how to isolate
it.
| But I was suspicious as there is never an error message, just a simple
shut
| down and restart. Does the OS generate a log anywhere which might
enlighten
| me?
|
|



Site Timeline