As I understand, you have received the following error messages when using
your computer:
"This system is shutting down. Please save all work in progress and log off.
This shutdown was initiated by NT
Authority/System."
"Windows must restart because the Remote Procedure Call (RPC) service
terminated unexpectedly."
This is a known security issue which was first found on July 15. There is
currently an Internet Worm that is taking
advantage of this security issue. Microsoft published the patch to fix this
issue on July 16 for all of the affected systems
on our web site. For more information, please refer to the following page:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
The resolution to this issue is to clean the worm from your system and
install the patch mentioned above. You can find a
link below to install the patch for Windows XP.
It is suggested that you first download the patch to your system so you can
install the patch immediately after cleaning the
system and before you reconnect to the Internet or network.
In some cases this Worm can cause your system to reboot and you may have
difficulties downloading the patch. In those cases
you need to turn off some ports that the virus uses by blocking them with
Firewall software. The ports that may need to be
blocked are as follows:
TCP/UDP Port 135
TCP/UDP Port 139
TCP/UDP Port 445
*Note: Port 69 (TFTP) and TCP port 4444 are also in use by this worm and
should be blocked.
The Internet Connection Firewall that comes with Windows XP will block these
by default once it is enabled. To enable the
Internet Connection Firewall that comes with XP do the following:
1. In Control Panel, double-click "Networking and Internet Connections",
and then click Network Connections.
2. Right-click the connection (your internet connection) on which you would
like to enable ICF, and then click Properties.
3. On the Advanced tab, click the box to select the option to "Protect my co
mputer or network".
4. If you want to enable the use of some applications and services
through the firewall, you need to enable them by
clicking the Settings button, and then selecting the programs, protocols,
and services to be enabled for the ICF
configuration.
To Download the patch and remove the Worm do the Following:
Step 1:
Download patch:
1. Download the patch for your system from the link shown below these steps.
http://microsoft.com/downloads/deta...6C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
Clean the worm from your system you should do one of the following:
2. Run your Antivirus software with an updated definitions.
and
Customers should use some of the online removal tools located at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
http://vil.nai.com/vil/stinger
http://www.trendmicro.com/download/tsc.asp
Install the patch:
3. Run the patch from the location you downloaded it to in step 1.
At the same time, we suggest you often go to
http://www.microsoft.com/security/ and install all critical updates and
service
packs from the Windows Update website:
http://windowsupdate.microsoft.com/.
In this way, your system is always protected from
the potential security issues.
Once again I would like to thank you for contacting Microsoft Online Support
Service. I am going to go ahead and close this
case.
http://support.microsoft.com/support/webresponse.asp
Again, thank you for choosing Microsoft.
Best Regards,
Karl S
This posting is provided "AS IS" with no warranties, and confers no rights
Please note I cannot respond to e-mailed questions.
Please use these newsgroups to let me know if the suggestions resolved the
issue.
