RPC Service

[Shawn Wilson]

Last night, when I was trying to prevent getting the
msblast.exe worm, I was told to disable my RPC services to
stop hackers from being able to get in through those
ports. I could not disable the main RPC service (RPCSS),
but I was able to disable the RPC Locator and in the
properties, their was an option to disable it in the
hardware profile. I also disabled the messenger service.
After I did this and rebooted, It took Windows a long time
to start back up. My start manu and taskbar disappeared
also, and when I go back to Computer Management and
Services, I can't start the RPC Locator back up and
reenable it in the hardware profile. When I right-click
the service and click properties, the properties screen
won't appear. The start option is also greyed out. I
also noticed that a new tab was created under services
that says "Extended". My options that I had are under a
tab labled "Standard" The extended tab is blank and just
has a blue square with the icon of the two gears. I'm not
sure what happened when I disabled these two services, but
I don't know if or how I can recover. I don't know if
this can be done through the registry. Is there any way to
reverse this change? I have limited functionality in
Windows, but I don't know what to do.

Thanks,
Shawn Wilson

 

[Nicholas]

Shawn --

Read and follow the procedures outlined in the following articles:

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980

**** You need to make sure you have a FIREWALL enabled ****

Open XP's "Help and Support" and type: FIREWALL , and hit enter.
Click on the topic titled "Enable or Disable Internet Connection Firewall".

Essential Security Tools for Home Office Users
http://www.microsoft.com/technet/tr...l=/technet/columns/security/5min/5min-105.asp

Last, but not least, consider purchasing and installing a good
internet security package, such as:

Norton Internet Security 2003
http://www.symantec.com/sabu/nis/nis_pe/

-- Includes Norton AntiVirus 2003
-- Includes Norton Personal Firewall
-- Includes prevention of annoying web pop-ups
-- Includes Parental Controls
-- All in one, easy-to-install & manage package


--
Nicholas

-----------------------------------------------------------------------


| Last night, when I was trying to prevent getting the
| msblast.exe worm, I was told to disable my RPC services to
| stop hackers from being able to get in through those
| ports. I could not disable the main RPC service (RPCSS),
| but I was able to disable the RPC Locator and in the
| properties, their was an option to disable it in the
| hardware profile. I also disabled the messenger service.
| After I did this and rebooted, It took Windows a long time
| to start back up. My start manu and taskbar disappeared
| also, and when I go back to Computer Management and
| Services, I can't start the RPC Locator back up and
| reenable it in the hardware profile. When I right-click
| the service and click properties, the properties screen
| won't appear. The start option is also greyed out. I
| also noticed that a new tab was created under services
| that says "Extended". My options that I had are under a
| tab labled "Standard" The extended tab is blank and just
| has a blue square with the icon of the two gears. I'm not
| sure what happened when I disabled these two services, but
| I don't know if or how I can recover. I don't know if
| this can be done through the registry. Is there any way to
| reverse this change? I have limited functionality in
| Windows, but I don't know what to do.
|
| Thanks,
| Shawn Wilson

 

[Shawn WIlson]

I don't actually have the worm. I was trying to prevent
it by disabling the service that the hackers were using to
send it. My "Help and Support" won't display. I also
noticed that when I start windows, My Norton Antivirus
gives me a message saying there is an error starting the
RPC server. I tried going back to DOS and doing a NET
START RPCSS and NET START RPCLOCATOR. These give me a
system error 1058 message saying that the service cannot
be started because there is no hardware profile associated
with it. My problem is getting this service restarted
since I can't seem to get it started through the Control
Panel, Administrative Tools, Services area. I also don't
know where that blank "Extended" tab came from that shows
up in there now. Some other services I try to start also
say the can't because a dependency service is not
started. I don't know what to do.

 

[Alfred Sehmueller]

Hello Shawn,

me and certainly many more people did the steps you did.
My windows is also "dead" now. If you find out something usefull,
please let us know.

Bye Alfred

 

[Howard Harris]

Hello Shawn,

me and certainly many more people did the steps you did.
My windows is also "dead" now. If you find out something usefull,
please let us know.

Check out Remote Procedure Call in the following and follow the link
to information on how to fix things if you have disabled it. The
registry patch is provided in relation to an unbootable W2K following
disabling of RPC, but it might well be worth giving it a go (possibly
don't need to boot to safe mode to do so, either).

http://www.blackviper.com/WinXP/service411.htm