Greg,
It's a virus (apparently quite new). I have a client that has the same
problem (known as W32.Blaster.Worm at Symantec site).
You need to install the Windows XP Security Patch as follows.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
Unfortunately, Symantec do not provide manual removal instructions; however,
an updated version of their software should discover and remove all files
infected with the virus. You will, however, need to apply the MS Patch as
well.
Regards
Mike McNeil
Queenstown NZ
-----Original Message-----
From: PCSOFT - Personal Computer software discussion list
On Behalf Of Greg De Guzman
Sent: Tuesday, 12 August 2003 11:07
Subject: [PCSOFT] Virus or what?
I'm troubleshooting a friend's computer that started behaving erratically
and shows a pop-up after about 5 minutes that says "windows is shutting
down due to a ____ terminated process". The pop-up starts a timer within
itself after which the system re-starts. This process repeats itself
ad infinitum every time the computer re-starts.
I thought of peeking through the start-up list and see what the system was
loading and looked for unfamiliar programs. One entry caught my attention,
and it is "msblast.exe". I did a search from the computer's Start Menu for
the "msblast.exe" and it found the following:
c:\Windows\System32\msblast.exe
c:\windows\Prefetch\MSBLASTEXE-09FF84F2.pf
Deactivating the "msblast.exe" from the Start-up List stopped the process.
What are these files? Are these Virus Payloads? Nothing was detected through
the Norton AV installed with a Virus Definition dated 6/27/03 after
repeating the Scan.
Thanks for any inputs.
Greg
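
The triage steps from this thread (looking for "msblast.exe" on disk, in Prefetch and in the start-up list), as an added PowerShell example that is not part of the original messages. It assumes a local administrative prompt and inspects only the two standard Run registry keys as the "start-up list"; the function name `Find-MsblastArtifacts` is hypothetical.

```powershell
# Added example: report the artifacts named in the thread. Read-only; nothing is deleted.
$Indicator = 'msblast.exe'   # file name reported in the original post

function Find-MsblastArtifacts {
    $findings = @()

    # 1. Executable in System32, the location reported in the post.
    $exe = Join-Path $env:SystemRoot "System32\$Indicator"
    if (Test-Path -LiteralPath $exe) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $exe; Detail = 'executable present' }
    }

    # 2. Prefetch entries: evidence the program ran, even if the file is gone.
    #    The wildcard covers the name as it appears in the post.
    $prefetch = Join-Path $env:SystemRoot 'Prefetch'
    foreach ($pf in Get-ChildItem -Path $prefetch -Filter 'MSBLAST*.pf' -ErrorAction SilentlyContinue) {
        $findings += [pscustomobject]@{
            Type = 'Prefetch'; Location = $pf.FullName; Detail = "last written $($pf.LastWriteTime)"
        }
    }

    # 3. Start-up entries: any Run value whose command line references the file.
    #    Assumption: only the per-machine and per-user Run keys are checked.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $providerProps) { continue }   # skip provider metadata
            if ("$($p.Value)" -like "*$Indicator*") {
                $findings += [pscustomobject]@{
                    Type = 'RunKey'; Location = "$key\$($p.Name)"; Detail = "$($p.Value)"
                }
            }
        }
    }

    return $findings
}

$result = Find-MsblastArtifacts
if ($result) { $result | Format-Table -AutoSize -Wrap }
else { Write-Output "No '$Indicator' artifacts found in the checked locations." }
```

A clean result covers only the locations listed in the comments; the MS03-026 patch mentioned in the reply is still needed.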