RPC terminated unexpectedly - computer will now shutdown

[Simon Noonan]

After connecting to the internet for a few minutes I get a
box with the message telling me the RPC terminated
unexpectedly the computer will now shutdown. I had
previously used my dial up with no dramas.

Any ideas

Cheers Simon

 

[Nicholas]

Simon --

Read and follow the instructions in this article:

MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980

**** You need to make sure you have a FIREWALL enabled ****

Open XP's "Help and Support" and type: FIREWALL , and hit enter.
Click on the topic titled "Enable or Disable Internet Connection Firewall".

Additional information from Symantec:

Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
http://securityresponse.symantec.com/avcenter/security/Content/8205.html

The RPC alert has been diagnosed as the W32.Blaster.Worm and removal
instructions are available from this Symantec link:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html


--
Nicholas

-------------------------------------------------------------------------------


| After connecting to the internet for a few minutes I get a
| box with the message telling me the RPC terminated
| unexpectedly the computer will now shutdown. I had
| previously used my dial up with no dramas.
|
| Any ideas
|
| Cheers Simon

 

[Kenrick Fu]

The computer is suspected to be infected with the W32.Blaster.Worm, to remove this worm:
1. Click Start, and then click Run. (The Run dialog box appears.)
2. Type regedit and press OK
3. Navigate to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

4. Delete the value

"windows auto update"="msblast.exe"

5. Exit the Registry Editor.

It is also recommended to install the RPC patch from Microsoft immediately
http://www.microsoft.com/security/security_bulletins/ms03-026.asp

 

[Deke Edwards]

I have the same problem. This is the first time it
happened. I would appreciate any help.

Deke

 

[John E. Carty]

You have been infected with the MSBLAST worm. See the following for
patch/removal details:



http://support.microsoft.com/?kbid=823980



http://vil.nai.com/vil/content/v_100547.htm

 

[Reena Agarwal [MS]]

I would also encourage you to enable a firewall on your system.

This is included in WindowsXP. Search the online help for 'firewall' and
choose the topic titles 'Enable or disable Internet connection firewall'

This will make your system safer.
Reena.