chris munden said:
When online, I have suddenly started getting a message
that says words to the effect of "This system is shutting
down. It has been initiated by NT Authority\System. It is
because Remote Procedure Call (RPC) service terminated".
Does anyone know what this means or what I should do to
fix it? I run XP.
courtesy original authors:
Hi Stylus - Courtesy of Colin M. McGroarty with some additions by me:
You can get more info about the worm here:
http://isc.sans.org/diary.html?date=2003-08-11
and here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
Complete directions for fixing this can be found here:
http://www.bigblackglasses.com/Article.aspx?Article=342
and here:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
USE THESE BY PREFERENCE. There are "fix" scripts available at both sites.
Also, a stand-alone removal tool, Stinger, from McAfee, has been updated to
handle this as one of the 26 things it fixes. Available here:
http://vil.nai.com/vil/stinger/
Be sure that you get the patch installed, though.
and another from CA here:
http://www3.ca.com/virusinfo/virus.aspx?ID=36265
but, if you can't get there because of the shutdown, then:
"URLs may wrap
Easy, but annoying fix. When your computer starts go to the services applet
found in administrative tools. Select properties for the RPC or Remote
Procedure Call service. Change the Recovery from "Restart Computer" to
"Restart Service." Now your PC will stay up long enough to fix.
Next download the Microsoft Patch found at:
http://www.microsoft.com/downloads/search.aspx?displaylang=en
The patch is currently in the top download choices for both Win 2K and Win
XP. Choose accordingly and download.
Once the patch is installed make sure to do a full virus scan with current
virus definitions.
See Symantec's web page
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
Once the worm has been eliminated I recommend running Windows Update to get
all the current critical updates.
Lastly, change the RPC service back to "Restart Computer" as the recovery
method (or Take No Action for Win2k = jrb).
Hope this helps,
Colin M. McGroarty
MCP+I, MCSE, NT-CIP
(e-mail address removed)
www.McGroarty.org"