please help I have a very bad virus on my computer - GoFuckYourself.com

Nima · 08-04-2003, 11:46 PM

Hi guys I dont know how the hell this happened but today at random times I get this small windows message that says:

----------------------------------------------
this system is shutting down. please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM

will be shut down in : 0:59 ... 0:59....0:00
message:
windows must now restart because the remote procedure called (rpc) service terminated unexpectedly
------------------------------------------------

How do I fix this? I have never seen something like this before. how could this have happened? I have AVG and it found a virus but i could not heal or delete ormove to vault. this was befoe this happened so I dont exactly remember the name but the 2nd virus was patch.exe

Nima · 08-04-2003, 11:50 PM

it is happenign righ now! SHIT!!! =(((

Nima · 08-04-2003, 11:54 PM

Iam running XP. can someone help me please?

zzgundamnzz · 08-04-2003, 11:57 PM

Quote:

Originally posted by Nezster
it is happenign righ now! SHIT!!! =(((

http://f-prot.com/

Download F-Prot. Copy the free DOS version into your boot disk. Boot with the disk and run f-prot. This program kills all viruses.

Bake · 08-05-2003, 12:00 AM

http://housecall.trendmicro.com/

Nima · 08-05-2003, 12:15 AM

Quote:

Originally posted by Bake
http://housecall.trendmicro.com/

It found mscache.dll but it says UNCLEANABLE

damn =( how can I fix this file?

crazygirl · 08-05-2003, 12:47 AM

It means that the virus/worm was executed/run with a LocalSystem account. This would be true for a network-aware virus like FunLove and Bugbear. These viruses connect to open shares anonymously, therefore the default rights provided by the OS would be a LocalSystem account unless specified otherwise on the share.

you need to have a personal firewall on your pc. All share folders must be password protected and if you are using imesh or on of those do not share files. Lock the shared folder with a password.

since it is the NT Authority/system account this is a internal account and the system does change its passwords regularly for security purposes. You would not see this account in user manager just like you don't see the group everyone.
You, of course, have Zone Alarm or other personal firewall installed and antivirus installed so you have nothing to worry about. If not you need to get on of these like right now!

someone must have been poking around on your network... do you have a terminal service installed?

it can be done by a DOS worm, if it is a DOS worm if it occured simultaneously on a group of networked computers

open the task manager and end processes like csrss.exe, snmp.exesvchodt, svchost.exe if you can end these it is not a worm or virus in the DOS system.

in order for it not to gain entry the second time, also check out your terminal services like VNC... remote desktop, pc anywhere... someone might be playing with you... also you can download a trojan cleaner, if you accidentally downloaded a back orifice or any trojan virus which gives out access

hope some of this helps!!

Nima · 08-05-2003, 01:37 AM

Hi I did a system restore to go back 3 days ago and it seems to be ok now. I also scanned with my virus scanner again and it found a trojan horse backdoor-net bus virus =( It healed the virus but whoever did this had access to all of my files right ///

I want to install a firewall but the damn thing thinks everything is a threat to the computer. I dont know which file to block with it and which to allow.

funkmaster · 08-05-2003, 01:56 AM

Quote:

Originally posted by Nezster

I want to install a firewall but the damn thing thinks everything is a threat to the computer. I dont know which file to block with it and which to allow.

... firewalls will not prevent you from using outlook express.

... but if you wanna use an idiot proove firewall, you better use sygate ... I am a fulltime idiot myself and had no problems with it.

SpaceAce · 08-05-2003, 01:58 AM

Quote:

Originally posted by Nezster
Hi I did a system restore to go back 3 days ago and it seems to be ok now.

Don't count on it. This shit just started happening to me a few hours ago, too. I did a system restore and it seemed OK for a while, then it started again. There are like four threads about this on the front page right now.

SpaceAce

skrowyenom · 08-05-2003, 02:01 AM

Quote:

Originally posted by Nezster
Hi guys I dont know how the hell this happened but today at random times I get this small windows message that says:

----------------------------------------------
this system is shutting down. please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM

will be shut down in : 0:59 ... 0:59....0:00
message:
windows must now restart because the remote procedure called (rpc) service terminated unexpectedly
------------------------------------------------

How do I fix this? I have never seen something like this before. how could this have happened? I have AVG and it found a virus but i could not heal or delete ormove to vault. this was befoe this happened so I dont exactly remember the name but the 2nd virus was patch.exe

same happining to me!

skrowyenom · 08-05-2003, 02:04 AM

can anybody help>? wtf is going on/

Nima · 08-05-2003, 02:06 AM

Quote:

Originally posted by SpaceAce

Don't count on it. This shit just started happening to me a few hours ago, too. I did a system restore and it seemed OK for a while, then it started again. There are like four threads about this on the front page right now.

SpaceAce

Shit are you serious?? did you also HEAL the virus?? that sould be it. If you healed that it should not happen again.

The virus is : trojan horse backdoor. netbus

SykkBoy · 08-05-2003, 02:08 AM

netbus is still around?

Tipsy · 08-05-2003, 04:39 AM

format c:

(someone had to

)

jact · 08-05-2003, 04:44 AM

http://www.gofuckyourself.com/showth...hreadid=160471

It gets upset if you try to fuck with it.

08-04-2003, 11:46 PM	#1
Nima Confirmed User Join Date: Feb 2003 Posts: 2,192	please help I have a very bad virus on my computer Hi guys I dont know how the hell this happened but today at random times I get this small windows message that says: ---------------------------------------------- this system is shutting down. please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM will be shut down in : 0:59 ... 0:59....0:00 message: windows must now restart because the remote procedure called (rpc) service terminated unexpectedly ------------------------------------------------ How do I fix this? I have never seen something like this before. how could this have happened? I have AVG and it found a virus but i could not heal or delete ormove to vault. this was befoe this happened so I dont exactly remember the name but the 2nd virus was patch.exe

08-05-2003, 12:00 AM	#5
Bake Confirmed User Industry Role: Join Date: Jan 2001 Location: Outback of bumfuck Aussie Posts: 5,761	http://housecall.trendmicro.com/ __________________ Buy great domains from drunken burned out old webmaster CHEAP bullseyeporn.com art-met.com and more. Learn how to make a easy extra $500 per week

08-05-2003, 02:08 AM	#14
SykkBoy Jesus loves bacon Industry Role: Join Date: Feb 2001 Location: Sin City, Motherfucker Posts: 19,969	netbus is still around? __________________ Support my new movie “The Second Coming”

08-05-2003, 04:39 AM	#15
Tipsy Confirmed User Join Date: Jul 2001 Location: See sig Posts: 6,989	format c: (someone had to ) __________________ Ignorance is never bliss.

08-05-2003, 04:44 AM	#16
jact Confirmed User Join Date: Sep 2002 Location: Oakville, Canada Posts: 9,134	http://www.gofuckyourself.com/showth...hreadid=160471 It gets upset if you try to fuck with it. __________________ Free agent

08-04-2003, 11:50 PM	#2
Nima Confirmed User Join Date: Feb 2003 Posts: 2,192	it is happenign righ now! SHIT!!! =(((

08-04-2003, 11:54 PM	#3
Nima Confirmed User Join Date: Feb 2003 Posts: 2,192	Iam running XP. can someone help me please?

08-05-2003, 12:47 AM	#7
crazygirl Registered User Join Date: Aug 2003 Posts: 2	It means that the virus/worm was executed/run with a LocalSystem account. This would be true for a network-aware virus like FunLove and Bugbear. These viruses connect to open shares anonymously, therefore the default rights provided by the OS would be a LocalSystem account unless specified otherwise on the share. you need to have a personal firewall on your pc. All share folders must be password protected and if you are using imesh or on of those do not share files. Lock the shared folder with a password. since it is the NT Authority/system account this is a internal account and the system does change its passwords regularly for security purposes. You would not see this account in user manager just like you don't see the group everyone. You, of course, have Zone Alarm or other personal firewall installed and antivirus installed so you have nothing to worry about. If not you need to get on of these like right now! someone must have been poking around on your network... do you have a terminal service installed? it can be done by a DOS worm, if it is a DOS worm if it occured simultaneously on a group of networked computers open the task manager and end processes like csrss.exe, snmp.exesvchodt, svchost.exe if you can end these it is not a worm or virus in the DOS system. in order for it not to gain entry the second time, also check out your terminal services like VNC... remote desktop, pc anywhere... someone might be playing with you... also you can download a trojan cleaner, if you accidentally downloaded a back orifice or any trojan virus which gives out access hope some of this helps!!

08-05-2003, 01:37 AM	#8
Nima Confirmed User Join Date: Feb 2003 Posts: 2,192	Hi I did a system restore to go back 3 days ago and it seems to be ok now. I also scanned with my virus scanner again and it found a trojan horse backdoor-net bus virus =( It healed the virus but whoever did this had access to all of my files right /// I want to install a firewall but the damn thing thinks everything is a threat to the computer. I dont know which file to block with it and which to allow.

08-05-2003, 02:04 AM	#12
skrowyenom Registered User Join Date: Feb 2003 Posts: 489	can anybody help>? wtf is going on/