does anyone know if the manual instructions need to be
completed for the msblast.exe file, even though a worm
patch has been downloaded & the virus deleted???????
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
Remote Procedure Call (RPC) Exploit - Updated!
Special thanks to MVP Doug Knox and Mike Kolitz
Windows shuts down after 60 seconds because the Remote
Procedure Call (RPC) service terminated unexpectedly.
Suggestions:
Go to Start/Run and type in: services.msc. Scroll down to
Remote Procedure Call (RPC)/Recovery/First
Failure/Restart the Service. Close Windows Explorer,
download the script on line (a) then the patch on line
(b) or follow the prompt within the script. This script
removes the W32.Blaster.Worm and W32.Blaster.B.Worm and
W32.Blaster.C.Worm.
That is all that is needed to be done. The rest provided
below it, is just for informational purposes.
1. a. Download this VB Script. The script deletes the
run key from the registry, msblast.exe from the System32
folder and stops the process in the Task Manager.
b. Install the 823980 patch.
Manual Instruction:
Rename msblast.exe in the System32 folder. Stop the
process in the Task Manager labeled msblast.exe. Then go
to Start/Run/Regedit and delete this entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run "windows auto update"="msblast.exe"
2. Error Message when trying to download the patch:
Setup could not verify the integrity of the file
update.inf. Make sure the Crytographic service is
running. Go to Start/Run and type in: regsvr32
wintrust.dll.
If that doesn't help: Go to Start/Run and type in CMD. At
the command prompt, type the following commands, pressing
ENTER after each line:
net stop cryptsvc
ren %systemroot%\system32\catroot2 oldcatroot2
net start cryptsvc
