===THIS WILL FIX RPC SHUTDOWN===

  • Thread starter Thread starter Wendy
  • Start date Start date
W

Wendy

***GO OFFLINE TO HAVE TIME TO DO THIS. IF YOU HAVE CABLE
MODEM, COPY AND PASTE THIS MESSAGE TO YOUR CLIPBOARD,
UNPLUG MODEM, AND FOLLOW INSTRUCTIONS****

Unfortunatley, I did a destructive restore before I was
able to solve this problem. Do not do it! Fix your
network connection first! I wish I had.


The computer is trying to protect itself from hacking. Go
to CONTROL PANEL. Go to NETWORK CONNECTIONS. Click on the
one you use, go to left panel(Network Tasks) and select
CHANGE SETTINGS OF THIS CONNECTION. Click on the ADVANCED
tab, and put a check in the box : "PROTECT MY COMPUTER
AND NETWORK BY LIMITING OR PREVENTING ACCESS TO THIS
COMPUTER FROM THE INTERNET"

..
 
Just a note to everyone in this group. If you are calling Microsoft for
assistance with this problem, expect over a 2.5 hour wait. They have over
800 calls waiting right now.

The best bet would be to install/enable a firewall and make sure you have
the patch installed as per the links below.

MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980

Enable the windows XP Firewall
https://www.microsoft.com/technet/t...nol/winxppro/proddocs/hnw_enable_firewall.asp

More info about the worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
 
Wendy said:
***GO OFFLINE TO HAVE TIME TO DO THIS. IF YOU HAVE CABLE
MODEM, COPY AND PASTE THIS MESSAGE TO YOUR CLIPBOARD,
UNPLUG MODEM, AND FOLLOW INSTRUCTIONS****

Unfortunatley, I did a destructive restore before I was
able to solve this problem. Do not do it! Fix your
network connection first! I wish I had.


The computer is trying to protect itself from hacking. Go
to CONTROL PANEL. Go to NETWORK CONNECTIONS. Click on the
one you use, go to left panel(Network Tasks) and select
CHANGE SETTINGS OF THIS CONNECTION. Click on the ADVANCED
tab, and put a check in the box : "PROTECT MY COMPUTER
AND NETWORK BY LIMITING OR PREVENTING ACCESS TO THIS
COMPUTER FROM THE INTERNET"
Click to expand...

Wendy

This is a good first step, however, this will not fix the vulnerability or
fix the systems that have already been infected.

There's a new major worm currently hitting the Internet. You can get more
info about the worm here:

*Warning*
If your system has been infected by this new worm, applying the security
patch will not remove or disable the worm. This only protects your system
from any new infection.

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

The following fix procedure is courtesy of Ron Martell, MVP

This is caused by a new and rapidly spreading worm.

To clear up the "NT Authority\System" and RPC call errors:

1. Go to http://support.microsoft.com/?kbid=823980 and download the
security patch. If at all possible do this on a clean machine and copy the
patch to a 3.5 inch diskette.

2. Boot the infected machine into Safe Mode (tapping the F8 key multiple
times
before and during the boot menu). Insert the 3.5 inch diskette with the
patch on it and run it. Do not reboot yet.

3. Use Start - Run - MSCONFIG and go to the Startup tab. Locate the entry
for MSBLAST.EXE and clear the checkbox for it.

4. Use Start - Search and check all your hard drives for the file
MSBLAST.EXE and delete all copies of it.

5. Shut down and restart the computer normally.

6. Immediately do an update of your antivirus software and when the updates
are installed do a complete virus scan of your hard drive.
--
Ronnie Vernon
Microsoft MVP
Windows Shell/User

Please reply to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
 
Back
Top