Blaster is an older infection that targeted a security issue related to the Remote Procedure Call (RPC) function. Symptoms of infection included the computer restarting every few minutes without user input or receiving a System Shutdown dialog box with the message: "This system is shutting down. Please save all work...This shutdown was initiated by NT Authority\System...Windows must now restart because the Remote Procedure Call [RPC] service terminated unexpectedly."
Microsoft addressed this vulnerability with a security update several years ago. Blaster targets computers with out-of-date software, and those computers remain at risk of infection until the update is installed. However, if your machine has been kept updated with all service packs and critical patches and you do not have these symptoms, I doubt you actually have this infection.
You are most likely receiving a bogus warning message or fake alert from a Rogue security program indicating that your computer is infected. These rogue programs are one of the most common sources of malware infection.
Please reboot in "safe mode with networking", then download Malwarebytes' Anti-Malware (v1.50.1) and RKill by Grinler, saving them to your desktop.
- RKill.exe Download Link
- RKill.com Download Link
- RKill.scr Download Link
Renamed versions if the above do not work:
- iExplore.exe Download Link
- eXplorer.exe Download Link <- this renamed copy may trigger an alert from MBAM...just ignore it.
- WiNlOgOn.exe Download Link
- uSeRiNiT.exe Download Link
RKill is available in several versions, including renamed versions, so that if one does not work, you can try another. As such, you may want to download and save more than one before proceeding.
Reboot normally, then proceed as follows:
- Double-click on the Rkill desktop icon to run the tool. Vista/Windows 7 users right-click and select Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it still does not work, repeat the process and attempt to use one of the remaining versions until the tool runs.
- Note: You may have to make repeated attempts to use Rkill several times before it will run, as some malware variants try to block it.
- A log file will be created and saved to the root directory, C:\rkill.log
- Copy and paste the contents of rkill.log in your next reply.
-- If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.
Important: Do not reboot your computer until after performing a scan with Malwarebytes'. A scan must be completed immediately after running RKill.
Perform a Quick Scan in normal mode with Malwarebytes' Anti-Malware and follow these instructions. Check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.