Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Possible Sasser/msblast Worm?

  • Please log in to reply
No replies to this topic

#1 hmboudreaux


  • Members
  • 1 posts
  • Local time:06:47 AM

Posted 26 June 2008 - 02:05 AM

Here's my story. I've been trying to make heads or tails of this all night and I'm at a loss.

I was playing an online game (Final Fantasy XI) several hours ago when I suddenly lost my Internet connection to the game and to Windows Live Messenger. I was unable to log back in to either, but I could still access most websites with Firefox 3 and Google Talk messenger. While running the troubleshooter for Windows Messenger, I was told that my hosts file had entries related to the program which would prevent it from logging in. It asked if it could fix the file, I said yes, and then I got an error that it could not fix the file. Around this time I got a popup box that NT AUTHORITY/SYSTEM was going to restart the computer in 60 seconds.

After restarting, I looked up the message and it appeared I had the sasser or msblast worm. I had the symptoms of not being able to access microsoft or anti-virus/spyware sites, but I had none of the files or system processes that every website I checked said I was supposed to have. Also, my computer wasn't being forced to restart continuously like it should if I had the worm. It was only restarted once so I can't say exactly what the error message was. I found a link that said to get around the blocked sites I should rename the hosts file and run the command nbtstat -r, so I did. Unsure if I even had the worm, I downloaded Symantec's sasser worm fix and ran it. It found nothing. I ran Avast!, Ad-aware, Spybot, and Malwarebytes and none of them found anything either. I don't know what else I can try.

Basically I would like to know if there is any way I can determine if I'm infected and if not, why would my hosts file be suddenly changed and my computer forced to restart? My system is a laptop running Windows XP Home SP2. If it makes any difference I recently updated the drivers for my graphics card, an nVidia GeForce Go 7600.

Thanks in advance for your help! :thumbsup:

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users