Remote Call Procedure

  • Thread starter Thread starter DeLisa Lopez
  • Start date Start date
D

DeLisa Lopez

Other than a virus, what would cause an error message
stating that NT Authority has caused Windows to be shut
down due to an unexpected failure in the remote call
service procedure. It only occurs when connected to the
internet. Thank you in advance.
 
Look at this, courtesy of Carey Frisch.

There are thousands of nasty computer viruses/worms looking for unprotected
computers. Your computer can be infected within a few milliseconds the
moment
an internet connection is established if your computer is not properly
secured.

Apparently, your computer is now infected with the W32.Blaster.Worm or one
of its variants.
This happened because you have not been using an internet connection
firewall and have
apparently neglected to install the critical updates available at the
Windows Update website.

------------------------------------------------------------------

If your computer is constantly attempting to shutdown
or reboot, quickly go to:

Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.

Then type: shutdown -a , and hit enter.

This should halt the rebooting problem.

------------------------------------------------------------------

Then immediately turn-on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/

Special note if you use AOL:

America Online installs its own connection settings that override
the ones that come with Windows XP. America Online's
connection settings don't include a way to turn on Windows XP's
built-in firewall.

Visit the following web site for instructions on downloading
a FREE firewall program for your computer.

Ref: http://www.updatexp.com/free.html

What You Should Know About the Blaster Worm and Its Variants
http://www.microsoft.com/security/incident/blast.asp

A tool is available to remove Blaster worm and Nachi worm infections from
computers
that are running Windows 2000 or Windows XP
http://support.microsoft.com/?kbid=833330

A security issue has been identified that could allow an attacker to
remotely compromise a computer running Microsoft Windows and
gain complete control over it. You can help protect your computer
by installing this update from Microsoft.
http://www.microsoft.com/downloads/...6C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
 
DeLisa Lopez said:
Other than a virus, what would cause an error message
stating that NT Authority has caused Windows to be shut
down due to an unexpected failure in the remote call
service procedure. It only occurs when connected to the
internet. Thank you in advance.
Click to expand...

Never mind the "other than a virus"
It is a virus.
You have the Blaster worm.

1st to stop the RPC error so it doesn't interupt you while your making
repairs:
Start | Run | services.msc /s
Scroll down to "Remote Proceedure Call (RPC)" NOT (RPC) Locator
Right click and select properties
Under the "Recovery" Tab change all failures from "Restart the Computer" to
"Restart the Service"
This will keep the RPC from coming up.

Disable msblast.exe in task manager.
Ctrl+Alt+Del | Processes | Right click msblast.exe and click "End Process"

Download the Blaster Security Patch at:
http://www.microsoft.com/security/incident/blast.asp

Download AdAware & Spybot S & D:
AdAware:
www.lavasoftusa.com/software/adaware/
Spybot S & D:
www.safer-networking.org/

Disconnect from the internet

Run AdAware & Spybot
Run the Security Patch you downloaed earlier.

Make sure you have a firewall and AV software enabled and updated.
As long as you downloded and ran the patch above Blaster shouldn't come back
but there are plenty of others that can find your computer in minutes.

Change the RPC back to "Restart the Computer" the same as you did above.

Reconnect to the Internet and download the rest of the Microsoft Update
Security Patches.

--
kwoyach[SPAM]@yahoo[SPAM].com
TO Email: Remove [SPAM]
If I can help you I will.
If you can help me thanks.

--

**Useful Links**
AdAware:
www.lavasoftusa.com/software/adaware/
Spybot S & D:
www.safer-networking.org/
Check for Parasites/Worms:
www.gemal.dk/browserspy/parasites.html
Blaster Security Patch:
http://www.microsoft.com/security/incident/blast.asp
TweakUI and other PowerToys:
www.microsoft.com/windowsxp/pro/downloads/powertoys.asp
 
Greetings --

If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB824146 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Back
Top