Somebody fucked with my computer

Started by Ben, Tue 12/08/2003 03:48:42


Ben

Well, I don't know what happened, but my computer is being a bitch. Whenever I start my computer, it works fine for a few minutes, and then a program called svchost.exe (in the windows/system32 folder) crashes. When that happens, I can no longer copy and paste from the clipboard, Internet Explorer can't open anything in a new window, and some programs don't run when I click on them. I have no idea what to do, so I figured I should ask around. I'm completely stumped, and can't even find the error file that the program wrote to. Svchost is obviously something that works in the background of Windows 2000 and is essential to a lot of basic operations, but that's all I've figured out. I'm not really sure what kind of help I'm expecting to get here, but it's Microsoft tech support is anxious to help..

Sluggo

Well I'm no computer expert, but something similar happened to me also. Whenever I started my computer about 10 error messages popped up that said some program performed an illegal operation, and most of them were system files. It turns out I had a virus that was infecting them all (somewhere in the thousands of system files), so if you have a virus scan this post probably wasn't much help. But maybe it's due to a virus.

Sylpher

Svchost runs when win2k first starts up and is supposed to take care of running task in your registry...

If it is crashing that is no good! However there is an easy fix you should try that might (I said might) fix it.

If you have the win2k disk plop it in and simply install windows again...Don't format or nothing just install on top...this generally fixes many little problems windows will run into..replacing any bad, screwed with, or messed up files.

But! If there is a virus or something running that is messing with SVchost this probably won't do much. But give it a shot if it still happens then something besides windows (directly) is causing it.

remixor

Ben: I am having literally the EXACT same problem.  svchost crashes, can't click on anything that uses hypertext, etc.  It's driving me crazy.
Writer, Idle Thumbs!! - "We're probably all about video games!"
News Editor, Adventure Gamers

remixor

Alright, I did a bunch of searching on the net, and here are the steps I took to fix the problem:

1) Fix the hole in Windows by downloading this patch:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

2) For Windows 2000, go to the Task manager (Ctrl-Alt-Del once), click on msblast and end the task.  (msblast.exe is the worm that is causing the problems)

3) Fix the registry to prevent the virus from running again every time you restart. To do this, click start, run, and then type "regedit."  Go to Edit->Find... and search for "msblast".  There should be two keys that contain that text.  Delete them.

4) Download and then run this stinger: http://vil.nai.com/vil/stinger/

5) If necessary, update your Windows Media Player and/or Internet Explorer to repair any other issues that may still exist.  You should only have to do this if there are still problems with those programs.  I did not have any but it seems there are people who did.

Good luck.
Writer, Idle Thumbs!! - "We're probably all about video games!"
News Editor, Adventure Gamers
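Added example, not part of remixor's post: a read-only way to do the search from step 3 is to export the registry from regedit to a text file and scan it for value names or data that mention "msblast" before deleting anything. The sample export below is constructed, and its key paths and value names are assumptions for illustration.

```python
import re

# Constructed sample of a regedit export (REGEDIT4 text format); the key paths
# and value names are assumptions for illustration, not taken from the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"windows auto update"="msblast.exe"

[HKEY_CURRENT_USER\Software\Example\RecentFiles]
"File1"="C:\\WINNT\\system32\\MSBLAST.EXE"
@="default value"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')


def find_references(export_text, needle="msblast"):
    """Return (key, value name, data) for every value mentioning `needle`."""
    hits, key = [], None
    needle = needle.lower()
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")  # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # header, blank line, or continuation of multi-line data
        name = m.group("name") if m.group("name") is not None else "(Default)"
        data = m.group("data")
        if data.startswith('"') and data.endswith('"') and len(data) >= 2:
            # String data: drop the quotes and undo .reg backslash escaping.
            data = re.sub(r'\\(.)', r'\1', data[1:-1])
        if needle in name.lower() or needle in data.lower():
            hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE_EXPORT):
        print(f"{key}\n    {name} = {data}")
```
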

Ben

Ah, I thought it might be a virus.. This morning I found out that some other people I know have this problem too. My dad mentioned a problem he had at work, and it sounded kind of familiar.

Remixor: Thanks for posting those steps. I'm downloading those patches right now.. Only problem is I have to install service pack 2 (a huge download) first for the patch to work. I didn't know I was supposed to update every week  :P.

Pessi

I have the very same problem, Ben. It has become really irritating.

My brother has some different issue with his computer. Kind of similar. His computer crashes so that Window says that some application has caused an error and Windows needs to shut down. There's a sixty second countdown before it shuts down.

These problems have occurred during the last week or so for both of us. And what is funny, is that he's using XP and I'm using 2000. They're even different executables that crash. I don't know if some hacker has really started to get bored or something.

Anyway, I downloaded the patch (had to update to service pack 3, actually, I think) but can not find the msblast.exe from the Task Manager. Also, I tried the Stinger but it didn't find anything. This is the first time I'm running the system with the patch and the computer's been up and running for about 10 minutes, so I can't really tell whether it's working or not. We'll see. I'll let you know if it worked.

remixor

The virus affects NT, XP, and 2000.  Pessi: you may only have needed to install the patch.  Many people reported that after restarting with the patch, they did not need to do any of the other steps.
Writer, Idle Thumbs!! - "We're probably all about video games!"
News Editor, Adventure Gamers

m0ds

Sometimes my PC goes crazy and won't let me drag files into a program, i.e. it wont let me drag sound files into Media Player. It sucks!

m0ds

remixor

m0ds, that is one symptom of the virus, but if nothing else is going wrong then it could be something else.
Writer, Idle Thumbs!! - "We're probably all about video games!"
News Editor, Adventure Gamers

LGM

Well.. Since we're on the subject and I don't really want to start a new thread...

Anyone know how to get rid of a bunch of Worms? Terr4n gave them to me and they've multiplied.

They are Wl2/Parite files I believe.

And my Virus Scanner dies every time I install it because of the damn worms. Anyone know of a solution?
You. Me. Denny's.

Squinky

I picked up a worm over the last couple days, used a program called fixblast....worked good....

I could e-mail it to ya if you want, it's like 160 k unzipped...might do it...

jason

There's a virus going around that causes your computer to reboot.  If you're having this problem, follow the instructions immediately below.  If you're not having problems, you should go over Steps 1 and 2 of the lower section to make sure you don't get infected. You may also want to forward this to any clients that have the worm.

W32.Blaster.Worm Removal Tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

In the page above, it says to Turn Off System Restore if you're running Windows XP, 2000 or ME; here are instructions on how:
Windows XP, 2000: http://support.microsoft.com/default.aspx?scid=kb;en-us;310405
Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;264887

IF you need to start in SAFE MODE, turn off your computer and wait 10 seconds then turn it back on.  Right after you turn on the computer, start tapping the F8 key about once or twice a second while the computer is booting.  Before Windows starts, you will get a menu with an option to start in Safe Mode.  Use your arrow keys to highlight this option and press enter.

After the Removal Tool finishes running, it will ask you if you want to apply a patch to fix the vulnerability that allowed all this to happen in the first place.  If you select Yes, the web page it takes you to is not very clear.  You may select No and follow the steps below.  If you complete Step 1 below, you will no longer be vulnerable to w32.Blaster.


Once you've successfully removed the virus, you need to do a few things to make sure you don't get it again.  The first 2 steps don't take long and are completely free.  You should complete them IMMEDIATELY.  If you don't already have a virus scanner, you should get one very soon, but simply completing Step 1 will keep you safe from w32.Blaster.

1. Run Windows Update by opening Internet Explorer, then select Windows Update from the Tools menu.

2. Click on the PRODUCT UPDATES link then install anything that says "Critical Update"
After you install the updates, restart your computer and run Windows Update again and check for any more critical updates.  Some updates have to be installed by themselves, so you need to come back to Windows Update to check for more.

I've tried to be as complete as possible, but there are probably some things I've left out.  Feel free to email me with any questions.

Ben

I ran the patch and the stinger, and the problem seems to be fixed. Didn't need to find msblast or mess with the registry.

LGM

You. Me. Denny's.

Squinky

It's the same one jason posted...so you're all set man....

Pessi

Yay, the patch seems to have worked! Thanks a lot, Remixor!!!

Jason, sounds like the one my brother's computer is having. Thanks for the instructions!

AGA

The moral of this story is: if you have Windows, USE WINDOWS UPDATE EVERY SINGLE DAY!

I use Windows 2000 and there's a proggie that runs in the background and automatically downloads and installs any Windows patches for you. I think it's available on Windows Update itself. That, and use a good firewall and on-access virus scan and you shouldn't ever have any problems...

m0ds

Or go outside, enjoy the cool day breeze, the sunshine, the nature and the sound of the birds, and soon forget you ever even owned a PC...

Las Naranjas

Or use 98se! The haxx0rs are far too 1337 to make worms for steam powered OS's.
"I'm a moron" - LGM
http://sylpher.com/novomestro
Your resident Novocastrian.

Pessi

I think I'll go with Mods' tip! :)

Minimi

It's the virus, but if you don't want to have your computer restart every time it is infected, you do the following

(sorry for maybe bad English, cause I'm using the Dutch Windows!)

1. Configurationscreen
2. System manage (or something)
3. Choose services
4. in the long list choose remote procedure call (rpc)
5. Go to the tab "recovery" and uncheck the 3 "restart computer" beneath each other!

That should work!

Nostradamus

That worm you have been experiencing is a worm that struck a huge number of computers on Monday; it was a worm meant to strike exactly at that date and that's why it happens to all of you.

A friend of mine got a harder version of the worm, it starts a 47 second countdown to reboot once Windows is loaded so she doesn't have enough time to do the above steps. I don't know how I can help her.



Nellie

Heh, I just got a new computer with WinXP and this is the very first thing that happened to me.  I was freaking out - I thought I'd frigged up my comp within half a day of receiving the bloody thing.

Pessi

How about running a virus scan on her computer's hard drive with your computer? That would require moving the HD around but I can't really think of anything else...

jason

I'm glad if I could be of any help.

Man, viruses seriously piss me off. I can't understand why people create them. All they ever do is make our lives harder and sometimes even destroy our hard work (art, programs, etc). It's really sad that there are people who get a kick out of screwing people over.

Ginny

Yeah I agree.
A friend of mine had a problem with her computer, dunno if it was a virus or something else, but a lot of her art was deleted :(.

This makes me so mad! Grrah...

:P
Try Not to Breathe - coming sooner or later!

We may have years, we may have hours, but sooner or later, we push up flowers. - Membrillo, Grim Fandango coroner

Nostradamus

Pessi, that would probably infect my HD...

I gave her Fixblast and Stinger on a disk, I hope it will work



Pumaman

There is a lesson in all of this of course - if you use the internet, install anti-virus and firewall software and regularly check Windows Update. That way, you get no viruses, no worms and no problems. :P

AGA

!

Would this be EXACTLY WHAT I SAID A PAGE AGO, CJ?!?!

edit: stab stab!

Pumaman

Hmm, that'll teach me to read the whole thread, won't it.

Er... I mean, I just said it in order to back up your statement and give it more credibility... yeah, that's it

:P
