Please help a computer dummy

Hopefully I've gotten someone's attention. I'm trying to load ad-aware SE personal onto my new computer. I keep getting a NT/Authority/System error pop up on my screen that tell me the system is shutting down and it does after 60 seconds. It says something about remote procedure call (RPL) service terminated immediately. Is this a virus of some kind and if so how can I get rid of it???? and load my ad-aware? Thank you.

 

You have the Blaster worm:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

 

Sounds like the Blaster Worm. Here's a link:

http://www.microsoft.com/security/incident/blast.mspx

You should keep your machine properly updated via Windows Updates - That is step #1 for avoiding malware!

PP

***I'm always a minute behind these days!!

 

Thank you so much. Is there a charge for software to remove it?

 

Removal tools are free, but if you want to send me and Phillie some $$, we won't mind-- just kidding. If you follow the intructions at the link I provided instead, the removal procedure is much more straightforwardly and completely explained.

 

Thank you, I'll try again. I don't think the link would connect when I tried it the first time.

 

Actually the link did work,but when I had the "blaster" up on my screen and followed the steps, I did not find a msblast.ex in the processes so I couldn't end the process. I think I mentioned this to someone else... and wonder if it could be found under a different name in the processes? Thank you.

 

It could very well be a different name. The Symantec instructions do not require you to end the process in order to effect removal. Their tool will do it for you.

 

I went into the website and downloaded the removal for Windows XP which I have. I then rebooted. I then opened the icon on my desktop for the ad-aware to try to run that program and I got the NT/Authority error again and was shut down. Now I'm totally confused about what to do.

 

Did you download the removal tool from Symantec's site and follow the rest of the instructions there? Did you actually run the tool, or just download it? Forget about AdAware for the moment.

 

I went into the Microsoft site and downloaded something for the blaster if you had Windows XT. It had several numbers in it starting wtih an 8 I believe. So the problem may be that I didn't run it, I only downloaded it. I will go back and see if I can find instructions on how to run it but I didn't see anything about that. Thanks again, you have been so helpful.. I haven't been able to get much sleep worrying about this.. just bought this computer brand new a few weeks ago.

 

Can someone tell me how to Run the KB823980 for Windows XP that I downloaded to get rid of the Blaster? I went to the Microsoft website and loaded it but now I don't know how to find it and run it from my computer. Thanks.

 

And I forgot to mention, when I downloaded, I was prompted to either open or run, but I was only able to open it, the option to "run" wasn't an option.

 

Okay, one more problem to add. I cannot find the virus filename when I perform a control alt delete! I know to search for msblast.exe and that there are names it could be such as as ttkids.exe and penis32.exe. I have none of the file names.

 

When you were on the Microsoft page, did you read this?
System Requirements
Supported Operating Systems: Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP

MS03-026 [KB823980] <- Do you have this security update installed? If not, you can download it from the bottom of the same page. If you do have it installed, and you clicked open on the download options, it should have run on installation.

Do you still have the Blaster symptoms?

 

I updated the security and downloaded he kb823980 for windows xp. i have since saved it to my desk top and run it, and it tells me the blaster worm was not found on my computer. so now i am back to zero and don't know what to do next. What originally started this was I was trying to run Ad-Aware and i keep getting booted off my computer by what I was told was the blaster worm - an NT/Authority/System error which refers to shutting down ..remote procedure call (RPC) service terminated immediately" - exact wording as i've seen in what i've read about the blaster worm. Please help

 

braffert,

If you're still having problems, have you tried TheDoug's link? http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html.

It does have a lot more detailed instructions, but read the whole page before you start.

Good Luck!

 

This could also be the W32.Sasser.Worm, before we continue in diagnostics please follow the steps in this sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed,including your web browser, e-mail. Close before running Hijack This!

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT