XP shutdown popup

[david]

when XP professional starts I got a popup with shutdown
message ( 60 sec).

by NT authority\system

services.exe has terminated with status code 1073741819.
I ran the fixblast removal tool from symantec but it
didn't find any virus.
I cannot connect to the internet

how can I solve this?

 

[Ramesh]

Disable system restore and run fixblast again.

Your system is infected by RPC (W32.Blaster) Worm. This is causing the
system to shutdown abnormally.

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980

MS-MVP Kelly Theriot's Repair Solution:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc

Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability:
http://www.sarc.com/avcenter/security/Content/8205.html

http://www.updatexp.com/msblast-exe.html

http://www.eeye.com/html/Research/Advisories/AL20030811.html

http://aumha.org/win5/a/blaster.htm


--
Regards,
Ramesh
(e-mail address removed)


when XP professional starts I got a popup with shutdown
message ( 60 sec).

by NT authority\system

services.exe has terminated with status code 1073741819.
I ran the fixblast removal tool from symantec but it
didn't find any virus.
I cannot connect to the internet

how can I solve this?

 

[Tom Reyburn]

I have disabled System Restore and run Fix Blast five
times - it reports that the Blaster virus is not on my
system (it was but I removed it). Nonetheless, 4 to 8
times per day, the system shuts down after displaying the
RPC message. I am using Direcway (Direcpc) satellite and
am increasingly concerned that their system has the virus
resident on it. They state that they do not have the
virus in their system.

 

[Ramesh]

First, check the status of RPC service
Click Start | run | services.msc
Double-click remote procedure call.
In the Recovery tab, set "take no action" to all three options.

Secondly, the svchost.exe might be missing or your Anti-virus software might
have deleted it. (as some worms copies the Svchost.exe file over the
legitimate svchost.exe one)

Extract new copy of svchost.exe from XP CD (use recovery console)

If this fails, run a repair install of XP

Also check this important link:
http://support.microsoft.com/default.aspx?kbid=826234

** There are variances of w32.blaster using RPC vulnerability. So, update
the antivirus and re-scan the system.
** Don't only depend on fixblast.

--
Regards,
Ramesh
(e-mail address removed)


I have disabled System Restore and run Fix Blast five
times - it reports that the Blaster virus is not on my
system (it was but I removed it). Nonetheless, 4 to 8
times per day, the system shuts down after displaying the
RPC message. I am using Direcway (Direcpc) satellite and
am increasingly concerned that their system has the virus
resident on it. They state that they do not have the
virus in their system.