Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Blaster or not?

Nov 29, 2003 9:45AM PST

Please help me out.
My machine is on XP SP1 and Norton SystemWorks 2003 (Virus Defs - Sep.11 '03) and I connect thru the net using dial up in India.
As I was shifting houses I was offline for a few monhs and just got connected yesterday. While I was surfing yesterday I got a waring from NAV about a suspicious script action which I blocked. after that I got a msg saying "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." and then another window saying : "This system is shutting down. Please save all work. This shutdown was initiated by NT AUTHORITY\SYSTEM Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly." After checking online later after shut down I thought I had the blaster virus. I downloaded symantec's fixblast tool but it says that i am not infected but still the shuitdown occurs. I also downloaded the microsoft patch KB823980. Also on manually searching i did not find any msblast.exe file nor any instance in the registry. right I am surfing the net after disabling the RPC sao I am not getting shut down and have updated my virus defs. Help!

Discussion is locked

- Collapse -
Re:Blaster or not?
Nov 29, 2003 9:55AM PST

Is your anti virus up-to-date?

How To Remove the MSBlast Worm From An Infected PC

You may have difficulty doing anything about an MSBlast infection if your PC is rebooting frequently due to the RPC failure described above. If you have Windows XP, turning on the built-in Internet Firewall as described above should stop the reboots.

Run the free "Stinger" utility (version 1.8.0 or newer) from the Network Associates Web site at http://vil.nai.com/vil/stinger/ . Stinger is produced by the McAfee AVERT division of Network Associates, the makers of McAfee Virus Scan. It will remove Lovsan (McAfee's name for the MSBlast Worm) and a number of other recent worms, trojans, and viruses. Read the instructions on the Stinger web page carefully, then download Stinger from the web site and run it on your PC.

More Information About The MSBlast Worm:

For a detailed description of the Windows bug that allows MSBlast and similar exploits to operate, see Microsoft Security Bulletin MS03-026:

http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

Read more here: http://216.239.57.104/search?q=cache:Zw6-1NN0UMAJ:www.charm.net/blaster.html+Generic+Host+Process+for+Win32+Services+has+encountered+a+problem+and+needs+to+close.&hl=en&ie=UTF-8

- Collapse -
Yikes - "forum bug" :(
Nov 29, 2003 10:01AM PST
- Collapse -
You're not infected...
Nov 29, 2003 10:47AM PST

However, your PC isn't patched to prevent the exploit. The reboot is initiated when the worm tries to infect your PC (note: tries, not does). The best method is to run a firewall (ICF if nothing else) and go to Windows Update for all the patches. You can also go to http://grc.com and download a utility to shut off the service.