Computer Problems
Rootsandwings
05-18-2004, 08:15 AM
Help! Have another virus that when you connect to the internet it tells you that the computer is going to shut down in 1 minute. How do I keep it connected long enough to find out what virus I have and get it off? Thanks for all your help.
stickman
05-18-2004, 09:53 AM
I take it this is on your home computer? If so, when you get off work today, go by Wal-Mart, buy the Norton Antivirus 2004, and call me when you get home.
If you already have NAV, then you can skip the trip to Wal-Mart and just call me when you get home.
I will be more than happy to come fix your computer and ensure that this doesn't happen again.
Rootsandwings
05-18-2004, 10:36 AM
Actually this is on my aunt's computer in MS and she is totally computer illiterate so I am trying to help her over the phone. Is there any other way to fix it besides NAV 2004?
stickman
05-18-2004, 10:53 AM
Sorry hometowngal. I have to be where I can see it to fix it. I can't tell someone on the phone how to fix it.
MrTony
05-18-2004, 11:28 AM
It sounds like the MSblaster worm. Go to this website for instructions on how to keep your computer from rebooting so you have time to get on the internet to download any windows updates you need to patch the hole - http://ej.typepad.com/ej/2003/08/how_to_remove_m.html
and then go to an online antivirus scanner such as http://www.pandasoftware.com/activescan/com/activescan_principal.htm
or http://housecall.trendmicro.com/housecall/start_corp.asp to scan and rid your computer of any viruses, worms, or trojans on the machine. Hope this helps!
I believe that is the Sasser worm--It would say "shutdown in 60 seconds" or to that effect.
Go to Microsoft update and download the Sasser worm fix, it also has instructions on how to remove it. Your aunt will need to get to another PC that's not infected and download the fix if you cannot get it to her.
Windows XP Users: What to Do If Your Computer Has Been Infected by Sasser
Published: May 4, 2004
Print this page now to get instructions for yourself (if your computer keeps shutting down), or to help a friend.
If you are using Microsoft® Windows® XP or Windows XP Service Pack 1 (SP1) and your computer has been infected by the Sasser worm, you can take these steps to update your software, remove the worm, and help protect against future infections.
Step 1: Disconnect from the Internet
To avoid further problems, disconnect from the Internet:
Broadband connection users: Locate the cable that runs from your external DSL or cable modem and unplug that cable either from the modem or from the telephone jack.
Dial-up connection users: Locate the cable that runs from the modem inside your computer to your telephone jack and unplug that cable either from the telephone jack or from your computer.
Step 2: Stop the Shutdown Cycle
This worm may cause LSASS.EXE to stop responding, which forces the operating system to shut down after 60 seconds. If your computer starts to shut down, follow these steps to abort any system shutdown that may be in progress.
On the taskbar at the bottom of your screen, click Start, and then click Run.
Type: cmd and then click OK.
At the command prompt, type: shutdown.exe -a and then press ENTER.
Step 3: Mitigate the Vulnerability
You can temporarily remove the vulnerability that allows the worm to infect your computer by creating a log file.
Create the log file
On the taskbar at the bottom of your screen, click Start, and then click Run.
Type: cmd and then click OK.
At the command prompt, type: echo dcpromo >%systemroot%\debug\dcpromo.log and then press ENTER.
Make the log file read-only
At the command prompt, type: attrib +R %systemroot%\debug\dcpromo.log and then press ENTER.
Step 4: Improve System Performance
If your computer is acting sluggish or if the Internet connection is slow, the worm may be flooding your local network connection. This may make it impossible for you to download and install the required software update. To improve system performance:
Press CTRL+ALT+DELETE, and then click Task Manager.
For each of the following tasks that may be listed, click the task to select it, and then click the End Task button to end it.
• Any task ending with _up.exe (for example, 12345_up.exe).
• Any task starting with avserve (for example, avserve.exe).
• Any task starting with avserve2 (for example, avserve2.exe).
• Any task starting with skynetave (for example, skynetave.exe).
• hkey.exe
• msiwin84.exe
• wmiprvsw.exe
Note: Do not end the wmiprvse.exe task; it is a legitimate system task.
Step 5: Enable a Firewall
A firewall is a piece of software or hardware that creates a protective barrier between your computer and the Internet. If your computer has been infected, a firewall will help limit the effects of the worm. Windows XP includes the Internet Connection Firewall (ICF). To turn on ICF:
On the taskbar at the bottom of your screen, click Start, and then click Control Panel.
Click the Network and Internet Connections category.
(If the Network and Internet Connections is not visible, click Switch to Category View under Control Panel on the left side of the Control Panel window.)
Click Network Connections.
Right-click the Dial-up, LAN, or High-Speed Internet connection that you use to connect to the Internet, and then click Properties from the shortcut menu.
On the Advanced tab, under Internet Connection Firewall, select Protect my computer and network, and then click OK. The Windows XP firewall is now enabled.
Step 6: Reconnect to the Internet
Plug the cable (referred to in Step 1) back into your computer, telephone jack, or modem.
Step 7: Install the Required Update
To help protect your computer against this worm in the future, you must download and install security update 835732, which was released with Microsoft Security Bulletin MS04-011. To download security update 835732, go to http://go.microsoft.com/?LinkID=526067
Step 8: Check For and Remove Sasser
After you have installed the update and restarted your computer, go to the Web page "What You Should Know About the Sasser Worm and Its Variants" at http://www.microsoft.com/security/incident/sasser.asp. Use the Sasser Worm Removal Tool to search your hard disk for and remove Sasser.A, Sasser.B, Sasser.C, Sasser.D, Sasser.E, and Sasser.F.
About Internet Connection Firewall
The Windows XP Internet Connection Firewall can block useful tasks such as sharing files or printers through a network, transferring files in applications, or hosting multiplayer games. Nonetheless, Microsoft recommends that you use a firewall to help protect your computer.
If you turn on the Internet Connection Firewall and find that you can't perform some tasks you want to, read "How to Open Ports in the Windows XP Internet Connection Firewall" at http://www.microsoft.com/security/protect/ports.asp.
If you have more than one computer, want more technical information, or want to learn more about firewalls, read "Frequently Asked Questions About Firewalls" at http://www.microsoft.com/security/protect/firewall.asp.
MrTony
05-18-2004, 12:15 PM
If it is the Sasser worm you can still get the computer to stop rebooting by hitting control - alternate - delete to bring up the task manager and end the following processes in the processes tab by right clicking them and choosing "end process":
• End any process beginning with 4 or more numbers and “_up.exe” (for example, 12345_up.exe)
• End any process starting with avserve (for example, avserve.exe, avserve2.exe)
• End any process named skynetave.exe
• End any process named hkey.exe
• End any process named msiwin84.exe
• End any process named wmiprvsw.exe
NOTE: Do not end the process named wmiprvse.exe; it is a legitimate system process
This should stop the computer from rebooting so you can get on the internet to download any fixes or patches.
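The process-name rules from the two lists above, applied to a process listing, as an added example that is not part of the original thread. The sample listing is constructed, laid out like the CSV output of `tasklist /FO CSV /NH`, and the function names are hypothetical; the rules follow the broader wording of the Microsoft list (any name ending in _up.exe, any name starting with skynetave).

```python
import csv
import io

# Name rules taken from the process lists in the posts above.
EXACT = {"hkey.exe", "msiwin84.exe", "wmiprvsw.exe"}
PREFIXES = ("avserve", "skynetave")   # "avserve" also covers avserve2.exe
SUFFIXES = ("_up.exe",)
# Legitimate system process that both posts say must not be ended.
LEGITIMATE = {"wmiprvse.exe"}

# Constructed sample listing: image name, PID, session, session#, memory.
SAMPLE = '''
"lsass.exe","696","Console","0","1,204 K"
"wmiprvse.exe","1432","Console","0","4,512 K"
"wmiprvsw.exe","1820","Console","0","2,048 K"
"avserve2.exe","2004","Console","0","1,876 K"
"12345_up.exe","2112","Console","0","1,320 K"
"SKYNETAVE.EXE","2200","Console","0","1,900 K"
"startup.exe","2316","Console","0","980 K"
'''

def classify(image_name):
    """Return the rule a process name matches, or None if it matches none."""
    name = image_name.strip().lower()   # Windows image names are case-insensitive
    if name in LEGITIMATE:
        return None                     # one letter away from wmiprvsw.exe
    if name in EXACT:
        return "exact name"
    for prefix in PREFIXES:
        if name.startswith(prefix):
            return "starts with " + prefix
    for suffix in SUFFIXES:
        if name.endswith(suffix):
            return "ends with " + suffix
    return None

def scan(listing):
    """Return (image name, PID, rule) for every listed process that matches."""
    hits = []
    for row in csv.reader(io.StringIO(listing)):
        if len(row) < 2:
            continue                    # skip blank or malformed lines
        reason = classify(row[0])
        if reason:
            hits.append((row[0], int(row[1]), reason))
    return hits

if __name__ == "__main__":
    for name, pid, reason in scan(SAMPLE):
        print(f"{name} (PID {pid}): {reason}")
```
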
tombstonebarbie
05-19-2004, 08:42 AM
You can download the fixer tool from www.symantec.com (if you can get to the internet, lol). I downloaded it at work, dropped it on a cd and took it home and ran it on my puter there. Be sure after you get it off you go and update windows. This scooted right under my norton, but since I got the current updates I have not had a problem. Let me know if I can be of any help. :)
Rootsandwings
05-19-2004, 09:29 AM
I haven't thought about putting it on a disk. I will try that then...Thanks for the suggestion...