"My computer keeps shutting down when I'm connected to the DSL."
This one is pretty straightforward, but can be a bear to fix.
Often customers (with any kind of internet service) will call saying that as soon as they turn their computer on (in the case of always-on connections such as cable and DSL) or as soon as they dial into the internet they receive a pop-up message such as this one:
...or this one
Folks who receive these errors receive them because of the following:
- The computer does not have all the Microsoft Critical Updates installed from http://windowsupdate.microsoft.com.
- The computer does not have a software firewall installed and is not behind a router.
- The computer does not have an up-to-date antivirus program installed.
If the first item were taken care of, neither of the other two would be a factor in this case. These messages come up because virus-infected data packets are coming into the computer and trying to exploit one of several vulnerabilities in the Windows operating system. In both instances the vulnerability was patched several weeks before the worms themselves were created to exploit it, so users who were vigilant about keeping their copy of Windows patched and up-to-date never had to deal with this problem.
When a user sees this error it means that a packet tried to infect the computer by exploiting the vulnerability and failed to do so. When it fails, it crashes the service it was trying to exploit (the RPC DCOM service in the first example--exploited by the Blaster and Welchia worms--or the LSASS service in the second example--exploited by the Sasser worm). Since these services are critical to the operation of Windows, when they crash a box comes up informing you that the service was terminated and that Windows will have to restart.
If the worms were successful in infecting the computer, the user would see nothing. The downside is that even if you see these error messages, the computer is still likely to be infected. When the worms try to infect a computer they can send thousands of infected packets to it. If even one gets through, the computer will be compromised. If only one fails to infect, that's all it takes to get the errors shown above. So if you see this error it means one packet failed to infect you--though the previous 500 packets probably came through just fine.
What to do?
The most critical thing to do is keep your Windows machine patched by visiting http://windowsupdate.microsoft.com regularly, or by turning on Automatic Updates (Microsoft's website has instructions on how to do this). You can also turn on Automatic Updates from within the Windows Update website.
Windows XP Service Pack 2 turned on all Windows firewalls by default (the XP firewall was always present, but was only enabled by default on dialup connections), so as long as you haven't turned them off you should be OK if you're running SP2.
The best thing for a DSL customer to do is to pick up a router. They can be obtained rather inexpensively at retailers such as Best Buy, Circuit City and CompUSA (a standard router can cost about $50). Routers tend to be a bit more reliable as--like most users know--software of any kind can fail for no reason at all. Placing your entire faith in a software firewall (even one integrated with Windows) can sometimes lead to less than satisfactory results. If a software firewall fails, it can open your computer up to all sorts of nastiness. If a hardware firewall fails...well, you just won't be able to get online.
If you are experiencing these shutdowns the first thing to do is obtain or enable a firewall of some kind. This will prevent these packets from coming into the computer--if the packets are being blocked before they get to you, then even if you're not patched and protected from the exploit, they can't do anything.
The second thing to do is obtain all the most recent critical updates. This will patch your computer so even if packets do come through to it, the vulnerability they are trying to exploit will have been fixed.
The final thing to do is to run a full virus scan on the computer. If you do not have antivirus software, removal tools for Blaster, Welchia and Sasser can be obtained directly from Symantec's website at http://www.sarc.com/avcenter/tools.list.html. Here are direct links to the tools themselves:
These tools can be run independently and scan the computer specifically for instances of those worms. Just download them to your desktop (or a floppy disk if you are unable to get online from the infected computer) and run them. If the worms are found, you will receive a confirmation that they were found and removed.
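Once the firewall from the first step is on and set to log dropped packets, its log shows whether the worm traffic is really being stopped. The script below is an added example, not part of the original article: it reads a log in the Windows Firewall text layout and counts connections to the two worm-targeted services that were dropped, and any that were let through. The port numbers (TCP 135 for RPC DCOM, TCP 445 for LSASS), the function name and the sample log are assumptions made for this example.

```python
from collections import Counter

# Assumption (not stated in the article): the RPC DCOM flaw used by Blaster and
# Welchia is reached on TCP 135, the LSASS flaw used by Sasser on TCP 445.
WORM_PORTS = {"135": "RPC DCOM (Blaster/Welchia)", "445": "LSASS (Sasser)"}

# Constructed sample in the Windows Firewall log layout; all addresses are
# documentation-range placeholders, 192.0.2.10 stands for the local computer.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-05-03 10:15:01 DROP TCP 198.51.100.23 192.0.2.10 3312 445 48 S 1234567 0 64240 - - -
2004-05-03 10:15:02 DROP TCP 198.51.100.23 192.0.2.10 3313 445 48 S 1234999 0 64240 - - -
2004-05-03 10:15:04 DROP TCP 203.0.113.77 192.0.2.10 4021 135 48 S 2233445 0 16384 - - -
2004-05-03 10:15:09 OPEN TCP 192.0.2.10 203.0.113.5 1045 80 - - - - - - - -
2004-05-03 10:16:30 DROP UDP 198.51.100.9 192.0.2.10 1026 1434 404 - - - - - - -
2004-05-03 10:17:12 OPEN-INBOUND TCP 203.0.113.77 192.0.2.10 4050 135 - - - - - - - -
"""

def summarize(log_text, local_ip):
    """Return (blocked, accepted): per-(source, port) counts of worm-port
    traffic the firewall dropped, and of connections that reached local_ip."""
    fields, blocked, accepted = [], Counter(), Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column names come from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if (row.get("protocol") != "TCP" or row.get("dst-port") not in WORM_PORTS
                or row.get("dst-ip") != local_ip):
            continue                        # outbound or unrelated traffic
        key = (row["src-ip"], row["dst-port"])
        if row["action"] == "DROP":
            blocked[key] += 1               # firewall stopped it before the service
        elif row["action"].startswith("OPEN"):
            accepted[key] += 1              # service was reachable: patch and scan
    return blocked, accepted

if __name__ == "__main__":
    blocked, accepted = summarize(SAMPLE_LOG, "192.0.2.10")
    for (src, port), n in blocked.most_common():
        print(f"blocked  {n:3d}  {src} -> {WORM_PORTS[port]}")
    for (src, port), n in accepted.items():
        print(f"ACCEPTED {n:3d}  {src} -> {WORM_PORTS[port]}")
```

Any "ACCEPTED" line means the service was reachable from the internet at that moment, so the patching and virus-scan steps above still apply even if the shutdowns have stopped.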