Remote Procedure Call (RPC)

Guest

My laptop is experiencing a Remote Procedure Call (RPC) and shutting down automatically. I have searched for the "MSBlaster.exe" virus file and have not found it. I cannot stay in the registry long enough to search for anything related to the virus because the "regedit" program closes about 5 seconds after I open it. Also, Norton AV is not installable because it keeps getting shut down as well. Please advise me on my next step for this issue. I have formatted the hard drive and still have it as well. Have tried "Format /u" though. I would like to know it will work before I format again. Please help.
 
Pegasus (MVP)

Btucker7587 said:
My Laptop is experiencing a Remote Procedure Call (RPC) and shutting down
automatically. I have searched for the "MSBlaster.exe" virus file and have
not found it. I cannot stay in the registry long enough to search for
anything related to the virus because the "regedit" program closes about 5
seconds after I open it. Also Norton AV is not installable because it keeps
getting shut down as well. Please advise me on my next step for this issue.
I have formatted the Hard Drive and still have it as well. Have tried
"Format /u" though. I would like to know it will work before I format
again. Please help.

You say that you formatted your disk. How exactly did you format it? Did you
reload Win2000 after formatting?

Scan your PC with an external virus scanner, e.g. on www.antivirus.com
("free online scan").
 
Doug Knox MS-MVP

First, you need to keep your computer disconnected from the internet, until you've performed the following.

Enable XP's built-in Firewall (see Help and Support). Additionally, you may want to go to Start, Run and enter SERVICES.MSC. Locate the Remote Procedure Call service entry and double-click it. Go to the Recovery tab. Set the Recovery options to Restart the Service, rather than Restart the Computer.

Then you can safely go online and visit www.kellys-korner-xp.com/xp_qr.htm#rpc for a tool that will remove Blaster if it's on your system, and a link to the patch that will protect your computer from this type of attack.

Then go back to Services and set the Recovery options for the RPC service back to Restart the Computer.
 
Guest

You could also have many versions of the Blaster as well
as other spyware/trojans.
Do the below, then also download, install and run Ad-aware &
Spybot (search cnet.com or Google for these).

Your computer is now infected with the W32.Blaster.Worm or
one of its variants. This happened because you have not
been using an internet connection firewall and have
apparently neglected to install the critical updates
available at the Windows Update website.
------------------------------------------------------------------
If your computer is constantly attempting to shutdown
or reboot, quickly go to:

Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.

Then type: shutdown -a , and hit enter.

This should halt the rebooting problem.
------------------------------------------------------------------
Then immediately turn on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/
(To enable the built-in firewall, go to:
Control Panel, double-click Networking and Internet
Connections, then click Network Connections. Right-click
your connection, then
click Properties, and on the Advanced tab, click the option
"Protect my computer and network..." Note: the built-in
firewall only monitors incoming traffic, not outgoing (i.e.
spyware, trojans, etc. you may have on your system).)

What You Should Know About the Blaster Worm and Its
Variants
http://www.microsoft.com/security/incident/blast.asp

A tool is available to remove Blaster worm and Nachi worm
infections from computers
that are running Windows 2000 or Windows XP
http://support.microsoft.com/?kbid=833330

A security issue has been identified that could allow an
attacker to remotely compromise a computer running Microsoft
Windows and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
http://www.microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en

Above courtesy of MVP Carey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

***Install a good firewall. ZoneAlarm is a free one you
can install.
Install a good anti-virus program, making sure you keep
its definitions up to date! ***
- - - - - - - - - - - - -
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

-----Original Message-----
My Laptop is experiencing a Remote Procedure Call (RPC)
and shutting down automatically. I have searched for
the "MSBlaster.exe" virus file and have not found it. I
cannot stay in the registry long enough to search for
anything related to the virus because the "regedit"
program closes about 5 seconds after i open it. Also
Norton AV is not installable because it keeps getting shut
down as well. Please Advise me on my next step for this
issue. I have formatted the Hard Drive and still have it
as well. Have tried "Format /u" though. I would like to
know it will work before I format again. please help.
 
Bruce Chambers

Greetings --

The Regedit behavior you describe, which also often applies to the
Task Manager and MSConfig, is typical behavior of more than one
virus/worm, the three below being the most common. In addition,
W32.Spybot.Worm also disables many antivirus applications, if they
haven't been kept up-to-date.

W32.Klez
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Yaha
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Spybot.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers
--
Help us help you:


You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
