Amie
08-17-2003, 04:10 PM
Topic: Blaster removed, still problems
--------------------------------------------------------------------------------
Posted By: Peter Tracy
Subject: Blaster removed, still problems
Date Posted: August 15 2003 at 12:15am
I was infected by W32.Blaster worm. Found removal tool and killed it. Still problem. Cannot reconnect to internet.
Cannot install the Windows patch.
"Setup could not verify the integrity of the file updated inf. Make sure the cryptographic service is running"
Went to services, the cryptographic service is not running and cannot be started.
Remote Procedure Call service is not running and cannot start.
"Error 1058: The service cannot be started either because it is disabled or because it has no enabled devices associated with it"
Cannot start System Restore:
"System Restore is not able to protect your computer. Please restart and then run again."
It does not help.
I also cannot start some applications
"Run time error 7. Out of memory"
In Control Panel Network Connections, no icon for my ISP.
Any advice??
Replies:
--------------------------------------------------------------------------------
Posted By: LeRoi
Date Posted: August 15 2003 at 4:15am
Hi,
I'm afraid I don't know enough about XP to be of any help except to suggest the repair option I've read about. It involves booting with the XP CD in the drive I believe and choosing repair. I'll try to find more info.
I hope someone comes along and can suggest something less drastic. Please wait and see before doing anything right away.
-------------
LeRoi//Compaq Presario 5005R//WinME (highly modified)//1.1GHZ T-Bird Processor//512MB Mushkin RAM//Nvidia TnT2 16MB graphics card//soundmax//Mozilla 1.2.1//Firebird 0.6//NSW2001
--------------------------------------------------------------------------------
Posted By: LeRoi
Date Posted: August 15 2003 at 4:43am
I finally found the article I was looking for, still wait for further advice: http://support.microsoft.com/default.aspx?...kb;EN-US;315341 (http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341)
-------------
LeRoi//Compaq Presario 5005R//WinME (highly modified)//1.1GHZ T-Bird Processor//512MB Mushkin RAM//Nvidia TnT2 16MB graphics card//soundmax//Mozilla 1.2.1//Firebird 0.6//NSW2001
--------------------------------------------------------------------------------
Posted By: Peter Tracy
Date Posted: August 15 2003 at 10:32pm
I am wondering if that is only me that the procedure of recovering after worm removal is not working. Has this worm caused so much damage before removal only on my computer? I hope that other people have the same problem and the solution will be found. My brand new computer is practically unusable.
I am so happy that I still keep my old computer connected in the garage.
--------------------------------------------------------------------------------
Posted By: Ranger Bob
Date Posted: August 15 2003 at 10:45pm
Hate to tell you this but the few people that I have seen on the forums that have had these types of problems have had to reinstall Windows XP to fix it. If you don't find something else you could try a Windows XP Repair to see if that fixes your problem. It might retain your existing software and settings so you don't have to do a complete clean reinstall.
--------------------------------------------------------------------------------
Posted By: Shiznit-O-Bam
Date Posted: August 15 2003 at 11:17pm
Hmm I dont know much about this but maybe this will help. Check http://securityresponse.symantec.com/avcen...b.worm.htmlhere (http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.htmlhere) (Symantec site) and scroll down to the part where it says "1. Restoring Internet connectivity" and see if that seems like it could be the problem.
-------------
:: P4 3.06Ghz :: 512 DDR :: Asus P4G8X Deluxe :: Radeon 9700 AIW :: 80GB 7200 :: Windows XP Pro ::
--------------------------------------------------------------------------------
Posted By: sixpac
Date Posted: August 16 2003 at 1:31am
start by physically disconnecting the computer from the network and Internet. Then kill off the MSBLAST.EXE process. Press Ctrl+Alt+Del to bring up the Task Manager – in Windows 2000 you'll also click the Task Manager button. Click the Processes tab, highlight MSBLAST.EXE in the list, and click the End Process button.
The MSBLAST.EXE program is launched at startup from a Registry entry. Launch REGEDIT from the Start menu's Run dialog and navigate to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\Run. In the right-hand pane you should see a value whose name is "windows auto update" and whose data is MSBLAST.EXE. Delete this value. If for some reason you couldn't kill off the MSBLAST.EXE process in the preceding step, restart the computer at this point.
Use Search from the Start menu to locate all instances of files named MSBLAST.EXE and delete them. Next, disable DCOM temporarily. Launch DCOMCNFG.EXE from the Start menu's Run dialog. Those running Windows XP or Windows Server 2003 will now need to navigate to Control Panel > Administrative Tools >Component Services\Computers\My Computer, then right-click My Computer and choose Properties. Click the Default Properties tab, un-check "Enable Distributed COM on this computer", and click OK.
Now you can reconnect the computer to the network –- even if Blaster were to attack your system again it can't function with DCOM disabled.
--------------------------------------------------------------------------------
Posted By: Peter Tracy
Date Posted: August 16 2003 at 7:31am
My problem is that I act according to Symantec instructions and I cannot complete the procedure.
Downloaded and tried the removal tool. Worked fine. Worm killed. Registry edited. Process ended.
Restoring Internet connectivity,
Click Start > Run. The Run dialog box appears.
Type:
SERVICES.MSC /S
in the open line, and then click OK. The Services window opens.
In the left pane, double-click Services and Applications, and then select Services. A list of services appears.
In the right pane, locate the Remote Procedure Call (RPC) service.
Right-click the Remote Procedure Call (RPC) service, and then click Properties.
And nothing happens here, the context menu does not open.
see my first post about more problems
Cannot use search, simply not opening.
Tried to copy my files to a floppy. I can see them in explorer but cannot copy.
Restarting is very slow. Some applications are working, some not. When starting, I see an error message memory low.
--------------------------------------------------------------------------------
Posted By: sixpac
Date Posted: August 16 2003 at 12:02pm
What kind of internet service do you have,dial-up,cable,dsl
Have you tried a system restore from a command promt
Start your computer to Safe Mode with Command Prompt.
NOTE: You must log on as the administrator or a user that has administrator rights.
At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
Follow the instructions on the screen to begin restoring your computer to a previous, functional state
I'm leaning to what RB said about a clean install,it seems like you have more than just internet problems
You could try this,I don't think it will work in your case but what do you have to lose
You can't uninstall TCP/IP in Windows XP, because there is no Uninstall button for this protocol. According to Microsoft, that is because TCP/IP is an integral part of the operating system, and removing it would cause major problems. You can, however, use the Windows XP command line utility NetShell to reset all IP-related Registry settings to their default values. The result is a brand-new TCP/IP configuration.
The Netsh.exe program is located in the C:\Windows\ System32 directory. To use the program, enter the command "netsh int ip reset filename." You must specify a filename, such as Ipstuff.txt. After Netsh .exe runs, the file will contain a detailed log of the Registry keys that were modified.
If it were my machine I would do a clean install and get rid of the whole mess
--------------------------------------------------------------------------------
Posted By: johng
Date Posted: August 16 2003 at 2:20pm
Get GoBack so you will not have this problem again! See the post in Software section.
John
--------------------------------------------------------------------------------
Posted By: Peter Tracy
Date Posted: August 16 2003 at 11:13pm
sixpac wrote:
--------------------------------------------------------------------------------
What kind of internet service do you have,dial-up,cable,dsl
dial up
Have you tried a system restore from a command promt
Start your computer to Safe Mode with Command Prompt.
NOTE: You must log on as the administrator or a user that has administrator rights.
At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
Tried, but Restore cannot start
If it were my machine I would do a clean install and get rid of the whole mess
--------------------------------------------------------------------------------
How to do this?
What will happen to all my data on hard disc?
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Posted By: Peter Tracy
Subject: Blaster removed, still problems
Date Posted: August 15 2003 at 12:15am
I was infected by W32.Blaster worm. Found removal tool and killed it. Still problem. Cannot reconnect to internet.
Cannot install the Windows patch.
"Setup could not verify the integrity of the file updated inf. Make sure the cryptographic service is running"
Went to services, the cryptographic service is not running and cannot be started.
Remote Procedure Call service is not running and cannot start.
"Error 1058: The service cannot be started either because it is disabled or because it has no enabled devices associated with it"
Cannot start System Restore:
"System Restore is not able to protect your computer. Please restart and then run again."
It does not help.
I also cannot start some applications
"Run time error 7. Out of memory"
In Control Panel Network Connections, no icon for my ISP.
Any advice??
Replies:
--------------------------------------------------------------------------------
Posted By: LeRoi
Date Posted: August 15 2003 at 4:15am
Hi,
I'm afraid I don't know enough about XP to be of any help except to suggest the repair option I've read about. It involves booting with the XP CD in the drive I believe and choosing repair. I'll try to find more info.
I hope someone comes along and can suggest something less drastic. Please wait and see before doing anything right away.
-------------
LeRoi//Compaq Presario 5005R//WinME (highly modified)//1.1GHZ T-Bird Processor//512MB Mushkin RAM//Nvidia TnT2 16MB graphics card//soundmax//Mozilla 1.2.1//Firebird 0.6//NSW2001
--------------------------------------------------------------------------------
Posted By: LeRoi
Date Posted: August 15 2003 at 4:43am
I finally found the article I was looking for, still wait for further advice: http://support.microsoft.com/default.aspx?...kb;EN-US;315341 (http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341)
-------------
LeRoi//Compaq Presario 5005R//WinME (highly modified)//1.1GHZ T-Bird Processor//512MB Mushkin RAM//Nvidia TnT2 16MB graphics card//soundmax//Mozilla 1.2.1//Firebird 0.6//NSW2001
--------------------------------------------------------------------------------
Posted By: Peter Tracy
Date Posted: August 15 2003 at 10:32pm
I am wondering if that is only me that the procedure of recovering after worm removal is not working. Has this worm caused so much damage before removal only on my computer? I hope that other people have the same problem and the solution will be found. My brand new computer is practically unusable.
I am so happy that I still keep my old computer connected in the garage.
--------------------------------------------------------------------------------
Posted By: Ranger Bob
Date Posted: August 15 2003 at 10:45pm
Hate to tell you this but the few people that I have seen on the forums that have had these types of problems have had to reinstall Windows XP to fix it. If you don't find something else you could try a Windows XP Repair to see if that fixes your problem. It might retain your existing software and settings so you don't have to do a complete clean reinstall.
--------------------------------------------------------------------------------
Posted By: Shiznit-O-Bam
Date Posted: August 15 2003 at 11:17pm
Hmm I dont know much about this but maybe this will help. Check http://securityresponse.symantec.com/avcen...b.worm.htmlhere (http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.htmlhere) (Symantec site) and scroll down to the part where it says "1. Restoring Internet connectivity" and see if that seems like it could be the problem.
-------------
:: P4 3.06Ghz :: 512 DDR :: Asus P4G8X Deluxe :: Radeon 9700 AIW :: 80GB 7200 :: Windows XP Pro ::
--------------------------------------------------------------------------------
Posted By: sixpac
Date Posted: August 16 2003 at 1:31am
start by physically disconnecting the computer from the network and Internet. Then kill off the MSBLAST.EXE process. Press Ctrl+Alt+Del to bring up the Task Manager – in Windows 2000 you'll also click the Task Manager button. Click the Processes tab, highlight MSBLAST.EXE in the list, and click the End Process button.
The MSBLAST.EXE program is launched at startup from a Registry entry. Launch REGEDIT from the Start menu's Run dialog and navigate to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\Run. In the right-hand pane you should see a value whose name is "windows auto update" and whose data is MSBLAST.EXE. Delete this value. If for some reason you couldn't kill off the MSBLAST.EXE process in the preceding step, restart the computer at this point.
Use Search from the Start menu to locate all instances of files named MSBLAST.EXE and delete them. Next, disable DCOM temporarily. Launch DCOMCNFG.EXE from the Start menu's Run dialog. Those running Windows XP or Windows Server 2003 will now need to navigate to Control Panel > Administrative Tools >Component Services\Computers\My Computer, then right-click My Computer and choose Properties. Click the Default Properties tab, un-check "Enable Distributed COM on this computer", and click OK.
Now you can reconnect the computer to the network –- even if Blaster were to attack your system again it can't function with DCOM disabled.
--------------------------------------------------------------------------------
Posted By: Peter Tracy
Date Posted: August 16 2003 at 7:31am
My problem is that I act according to Symantec instructions and I cannot complete the procedure.
Downloaded and tried the removal tool. Worked fine. Worm killed. Registry edited. Process ended.
Restoring Internet connectivity,
Click Start > Run. The Run dialog box appears.
Type:
SERVICES.MSC /S
in the open line, and then click OK. The Services window opens.
In the left pane, double-click Services and Applications, and then select Services. A list of services appears.
In the right pane, locate the Remote Procedure Call (RPC) service.
Right-click the Remote Procedure Call (RPC) service, and then click Properties.
And nothing happens here, the context menu does not open.
see my first post about more problems
Cannot use search, simply not opening.
Tried to copy my files to a floppy. I can see them in explorer but cannot copy.
Restarting is very slow. Some applications are working, some not. When starting, I see an error message memory low.
--------------------------------------------------------------------------------
Posted By: sixpac
Date Posted: August 16 2003 at 12:02pm
What kind of internet service do you have,dial-up,cable,dsl
Have you tried a system restore from a command promt
Start your computer to Safe Mode with Command Prompt.
NOTE: You must log on as the administrator or a user that has administrator rights.
At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
Follow the instructions on the screen to begin restoring your computer to a previous, functional state
I'm leaning to what RB said about a clean install,it seems like you have more than just internet problems
You could try this,I don't think it will work in your case but what do you have to lose
You can't uninstall TCP/IP in Windows XP, because there is no Uninstall button for this protocol. According to Microsoft, that is because TCP/IP is an integral part of the operating system, and removing it would cause major problems. You can, however, use the Windows XP command line utility NetShell to reset all IP-related Registry settings to their default values. The result is a brand-new TCP/IP configuration.
The Netsh.exe program is located in the C:\Windows\ System32 directory. To use the program, enter the command "netsh int ip reset filename." You must specify a filename, such as Ipstuff.txt. After Netsh .exe runs, the file will contain a detailed log of the Registry keys that were modified.
If it were my machine I would do a clean install and get rid of the whole mess
--------------------------------------------------------------------------------
Posted By: johng
Date Posted: August 16 2003 at 2:20pm
Get GoBack so you will not have this problem again! See the post in Software section.
John
--------------------------------------------------------------------------------
Posted By: Peter Tracy
Date Posted: August 16 2003 at 11:13pm
sixpac wrote:
--------------------------------------------------------------------------------
What kind of internet service do you have,dial-up,cable,dsl
dial up
Have you tried a system restore from a command promt
Start your computer to Safe Mode with Command Prompt.
NOTE: You must log on as the administrator or a user that has administrator rights.
At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
Tried, but Restore cannot start
If it were my machine I would do a clean install and get rid of the whole mess
--------------------------------------------------------------------------------
How to do this?
What will happen to all my data on hard disc?
--------------------------------------------------------------------------------