Remote Procedure Call Service terminates often

G

Guest

I frequently (once per logged in session, at least) get the below error message:
"The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine."
Once the above error message appears, I have only 60 seconds to finish whatever I am working on. In 60 seconds the machine reboots.
Please let me know how to resolve this issue.
 
R

Rick \Nutcase\ Rogers

Hi SMS,

When the shutdown warning appears, click start/run and enter "shutdown -a"
to halt the process. It's a virus called blaster or lovesan. Information:

http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.pchell.com/virus/msblast.shtml
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342

You need the patch described here to protect against it:

MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146

Problem is, you needed to install the patch BEFORE you got infected to avoid
it.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone



SMS said:
I frequently (once per logged in session, at least) get the below error message:
"The Remote Procedure Call (RPC) service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine."
Once the above error message appears, I have only 60 seconds to finish
whatever I am working on. In 60 seconds the machine reboots.
 
B

Bruce Chambers

Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top