remote procedure call

  • Thread starter Thread starter frank
  • Start date Start date
F

frank

i have just upgraded from 98 to xp home, the problem is
every time i go on the net i get a message window rpc,
windows NT AUTHORITY\SYSTEM, AND IT SHUTS DOWN MY COMP IN
50 SECONDS,how can i rectify this problem,thanks.
 
It appears you may have the Blaster Worm


http://www.microsoft.com/security/incident/blast_faq.asp
Blaster Worm FAQ

1. CTRL-ALT-DELETE to bring up the Task Manager. Look for msblast.exe and select
it and End Process. This will stop the computer from shutting down.
It doesn't remove the worm.

To enable your firewall :
- Click Start
- Click Control Panel
- Double Click "Network Connections"
- Right-click on your Dial up Connection, then left click 'Properties'
- Left Click 'Advanced' Under "Internet Connection Firewall" tick the box
'Protect my computer and networking by limiting or preventing access to this
computer from the internet'
- Click Ok and Close the "network connections" box.
You can then connect to the Internet and download the Microsoft relevant patch.

You could also try:
Click Start/Run then type in cmd
and then type in : shutdown -a
Do this when the shutdown prompt appears.

W32.Blaster.Worm patch is available here:-
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146

You must download and install the patch. In many cases, you will need to do this
before you can continue with the removal of the worm.
Because of the way the worm works, it may be difficult to connect to the
Internet to obtain the patch, definitions, or removal tool before the worm shuts
down the computer. It has been reported that, for users of Windows XP,
activating the Windows XP firewall may allow you to download and install the
patch, obtain virus definitions, and run the removal tool. This may also work
with other firewalls, although this has not been confirmed.

2. You can download the Symantec Removal Tool from here
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
or you can visit this site to assist in the removal of the worm
http://www3.ca.com/virusinfo/virus.aspx?ID=36265
To download ClnPoza.zip - a utility that cleans a local machine affected by
Win32.Poza,
or this site for assistance: http://www.kellys-korner-xp.com/xp_qr.htm#rpc
 
Your computer became infected when you went online without a anti-virus software installed or running or current updates. You will need to download updates and fixes from microsoft.

----- frank wrote: -----

i have just upgraded from 98 to xp home, the problem is
every time i go on the net i get a message window rpc,
windows NT AUTHORITY\SYSTEM, AND IT SHUTS DOWN MY COMP IN
50 SECONDS,how can i rectify this problem,thanks.
 
-----Original Message-----
It appears you may have the Blaster Worm


http://www.microsoft.com/security/incident/blast_faq.asp
Blaster Worm FAQ

1. CTRL-ALT-DELETE to bring up the Task Manager. Look for msblast.exe and select
it and End Process. This will stop the computer from shutting down.
It doesn't remove the worm.

To enable your firewall :
- Click Start
- Click Control Panel
- Double Click "Network Connections"
- Right-click on your Dial up Connection, then left click 'Properties'
- Left Click 'Advanced' Under "Internet Connection Firewall" tick the box
'Protect my computer and networking by limiting or preventing access to this
computer from the internet'
- Click Ok and Close the "network connections" box.
You can then connect to the Internet and download the Microsoft relevant patch.

You could also try:
Click Start/Run then type in cmd
and then type in : shutdown -a
Do this when the shutdown prompt appears.

W32.Blaster.Worm patch is available here:-
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146

You must download and install the patch. In many cases, you will need to do this
before you can continue with the removal of the worm.
Because of the way the worm works, it may be difficult to connect to the
Internet to obtain the patch, definitions, or removal tool before the worm shuts
down the computer. It has been reported that, for users of Windows XP,
activating the Windows XP firewall may allow you to download and install the
patch, obtain virus definitions, and run the removal tool. This may also work
with other firewalls, although this has not been confirmed.

2. You can download the Symantec Removal Tool from here
http://securityresponse.symantec.com/avcenter/venc/data/w 32.blaster.worm.removal.tool.html
or you can visit this site to assist in the removal of the worm
http://www3.ca.com/virusinfo/virus.aspx?ID=36265
To download ClnPoza.zip - a utility that cleans a local machine affected by
Win32.Poza,
or this site for assistance: http://www.kellys-korner- xp.com/xp_qr.htm#rpc




.
Thank you so much Kaylene for your prompt help, you were
Click to expand...
deadset right, and i have now fixed this problem for good
(i can only hope) thanks again, frank
 
Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Back
Top