Security Software Strange problem with Anti-Virus...

D

Desert Rose

Adept
Well...the story goes like this...

I have a cable internet at home.. and recently..had problems while connecting to internet.. so I thout may be there is some problems with network connections ..ans so went on format and reinstall xp again..

after installing Xp, it would work fine for the first time that i l;ogged on..but after installing few other s/w and restarting...again tht problem popped up saying" Connot contact Server" ( the connection worked fine on my bro's comp)

...And so i decided to install all s/w one by one and check if it connects to internet ..and found out tht its because of Kaspersky 2006 beta that i am unable to connect..I uninstalled it and bingo! ..the problem was gone!.. ( tht stupid connection works fine on my bro's pc even with anti-virus installed )

Now..the problem is ...my PC is full of trojan, svchost.exe, etc etc.. have an adware installed but still.. i'll have to restart cos a messg pops up every now and then saying" System will restart within 59 seconds"...

Why is this happening? :huh:
 
u running Win XP right? install SP2.. or atleast the necesary patches.. the prob (shut down in xx sec) is Remote Procedure Call (RPC) related..

Also, it helps if u r running some kind of fireWALL..atleast the defaULT XP firewall..
 
Yeps its the w32.blaster worm using the RPC DCOM vulnerability of unpatched systems.

But according to me your AV problem was because maybe there is a setting in Kaspersky which blocks internet activity upon request[which is highly unlikely] but you may as well give a glance over the settings present there.Sorry but I'm not acquinted with Kaspersky.

Other than that patch your OS upto date.You were infected becuase you didnt patch.

Also keep a eye for unusual internet activity i.e packets being sent when nothing is being accessing the internet according to you.
 
svchost.exe is the base process which provides the TCP layer& NOT A TROJAN . anything with a similar name surely is.

boot into safe mode, use hijackthis to clear the unwanted things.

disconnect from any network medium & install SP2 as said. then try things

remember, sp2 may crash some older version of appz like nero 5.x so upgrade them.

& really ur network may not work at all after u apply SP2. so u'll need to tweak it around

The best way of implimenting SP2 to do an integrated install. this method never fails.
 
try to upgrade to service pack2

first when timer runs

start->run ->shutdown -a

then you can see the timer goes away

after that

start->run->services.msc

then locate Remote Procedure Call (RPC)

doble click ->select Recovery ->change the values to Take no action

after that update teh patch

The Microsoft patch can be found at Microsoft Security Bulletin MS04-011: Security Update for Microsoft Windows (835732)

then try to update to sp2

it seems to be sasser worm

regards

umasankar
 
i disagree with you mehargags.
svchost.exe [the local service] is a trojan incorporated by microsoft.the one tht runs as local service it runs as a child under explorer shell which allows m$ to do all kinda shit incluing netstat and stuffs in ur box.
it has other works too but its just one of em and u cant really diasable it tht way :p.
 
Back
Top