David Loyall
December 14th 03, 11:01 AM
Hi, everyone.
This is my first time posting to this newsgroup, so please
pardon me if I tread on local etiquette.
The NT AUTHORITY shutdown thing is caused by computers on
the internet sending your computer certain special
commands. Normally, you'd expect that your computer would
ignore commands from strangers, but these strangers are
taking advantage of a Remote Exploit in Windows. Details
about that here:
http://support.microsoft.com/?kbid=823980
These shutdowns won't stop until you patch that hole. Get
the patch at the above URL. This is a critical update,
you must get this patch. There are worms in the wild
right now that will use this hole to take control of your
computer, using it to attack other computers, websites,
etc, and view your files, etc.
Now, if you're having trouble getting the patch to
install, because you're being shutdown, this might help:
When you get the shutdown message, click start, run. Type
shutdown /a and hit enter. This should abort the current
shutdown sequence. Great, now you have more time to get
the patch!
Once you've gotten the patch, you should visit
http://windowsupdate.microsoft.com to get all the OTHER
patches that you've failed to get over the years.
You should also use some sort of antivirus, because, if
you're just now getting the patch, trojans were probably
already installed on your computer on 8/11/03. (I
recommend TrendMicro's housecall service. It's free.
http://housecall.antivirus.com )
Again, even after you stop the shutdown problem, it is
still important for you to visit
http://windowsupdate.microsoft.com and use some sort of
antivirus (link above). If you fail to do this, your
computer will probably continue to send shutdown attacks
(and other things) to *everybody else's* computers.
... That's about it. I left out a lot of things about the
RPC vuln and the trojans that exploit it, because such
details are beyond the scope of this document. But please
do do some research on this topic. =) And always visit
windowsupdate regularly. Always visit windowsupdate
regularly. http://windowsupdate.microsoft.com Always.
Regularly.
--David Loyall
This is my first time posting to this newsgroup, so please
pardon me if I tread on local etiquette.
The NT AUTHORITY shutdown thing is caused by computers on
the internet sending your computer certain special
commands. Normally, you'd expect that your computer would
ignore commands from strangers, but these strangers are
taking advantage of a Remote Exploit in Windows. Details
about that here:
http://support.microsoft.com/?kbid=823980
These shutdowns won't stop until you patch that hole. Get
the patch at the above URL. This is a critical update,
you must get this patch. There are worms in the wild
right now that will use this hole to take control of your
computer, using it to attack other computers, websites,
etc, and view your files, etc.
Now, if you're having trouble getting the patch to
install, because you're being shutdown, this might help:
When you get the shutdown message, click start, run. Type
shutdown /a and hit enter. This should abort the current
shutdown sequence. Great, now you have more time to get
the patch!
Once you've gotten the patch, you should visit
http://windowsupdate.microsoft.com to get all the OTHER
patches that you've failed to get over the years.
You should also use some sort of antivirus, because, if
you're just now getting the patch, trojans were probably
already installed on your computer on 8/11/03. (I
recommend TrendMicro's housecall service. It's free.
http://housecall.antivirus.com )
Again, even after you stop the shutdown problem, it is
still important for you to visit
http://windowsupdate.microsoft.com and use some sort of
antivirus (link above). If you fail to do this, your
computer will probably continue to send shutdown attacks
(and other things) to *everybody else's* computers.
... That's about it. I left out a lot of things about the
RPC vuln and the trojans that exploit it, because such
details are beyond the scope of this document. But please
do do some research on this topic. =) And always visit
windowsupdate regularly. Always visit windowsupdate
regularly. http://windowsupdate.microsoft.com Always.
Regularly.
--David Loyall