RPC

Guest

Hi all,

Can anyone help me with how to eliminate/remove this NT security Remote
Procedure Call (RPC) from my Windows XP OS?

Earlier, I had run fix tools for Sasser & Mydoom and also patch files for
both Windows XP & 2000. But the problem still remains.

Please advise or suggest how I can solve this problem. And do let me know
whether it is a virus or not.

You can email me at (e-mail address removed)
Thanks
 
Let's see...

1. You connected to the internet without enabling the Windows firewall.

2. You also have no antivirus software installed.

3. You did not update your version of Windows...if you had, the patch to
prevent infection from the SASSER or BLASTER worm would have been on your
system (it's been available for months).

The reason that your machine is infected is because of all of the above.
You must educate yourself on basic computer security.

Here's what you need to do now, in this exact order...

1. Disconnect the computer from the internet...If you have broadband,
physically disconnect the cable from the back of the computer.

2. Turn the computer on. When the message appears, START>Run>"shutdown -a"

3. Enable the Windows firewall. It is very rudimentary as firewalls go,
but it is better than nothing.

4. Install a reputable antivirus program. You will have to update it after
re-connecting to the internet, and thereafter you MUST KEEP IT UPDATED.

5. Connect to the internet.

6. Update your antivirus software.

7. Run a scan and let the antivirus software clean your system.

8. Connect to Windows Update and download ALL Critical downloads. Install
them. You may have to repeat this more than once in order to download and
install all Critical Updates.

9. Never, ever connect to the internet, even briefly, without having met
all of the above requirements.

You not only allowed your machine to be infected, but you turned it into a
tool that is/was looking for other unprotected computers to connect. It has
been recently announced that an unprotected computer can be infected in as
little as 40 seconds.

I would venture a bet that your computer has more than just the latest
variant of the SASSER worm.

Once you begin to practice basic computer security, you can become a
responsible "netizen".

Bobby

Here are some useful links that were posted earlier by Bruce Chambers:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/
 
Dreamcatcher said:
Hi all,

Can anyone help me with how to eliminate/remove this NT security
Remote Procedure Call (RPC) from my Windows XP OS?

Earlier, I had run fix tools for Sasser & Mydoom and also patch files
for both Windows XP & 2000. But the problem still remains.

Please advise or suggest how I can solve this problem. And do let
me know whether it is a virus or not.

You can email me at (e-mail address removed)
Thanks


If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH