Windows XP Product Activation

D

Danie Dreyer

have just installed Windows XP Professional and
Microsoft Office (Student Edition 2003) with Norton
Antivirus. When logging onto the internet - after about 2
min - I get the following message (2 options) with a
60sec count-down. (I cannot even activate my new MS
products - was however successful in activating NAV).

'Windows must now shut down
Remote Call Procedure (RCP) terminated unexpectedly.
Initiated by NT AUTHORITY\SYSTEM'

Or

'The process c:\windows\system32\isass.exe terminated
unexpectedly with status code 107 3741819. The system
will now shut down and restart'
 
G

Guest

Hi,

Sasser worm or MSBlast is my guess. (Almost 100 percent
sure, just don't remember which one it is.)

Good luck!

/GS
 
S

Simon Zerafa

Hi,

You have been infected with the Sasser Worm, because:

You have not enabled the XP Firewall on your NIC / Dial-up Connection,
You have not patched your copy of Windows XP with all of the critical
patches or installed XP Service Pack 2
Your copy of Norton AntiVirus is possibly out of date or needs updating with
the latest AntiVirus definitions

You should now remove the Sasser Worm using either an updated Norton or
another tool, after activating the Windows Firewall.

Once this is done you MUST patch your OS so that the "hole" which Sasser
used is fixed.

Full instructions can be found here:

http://www.microsoft.com/security/incident/sasser.mspx

Regards

Simon
 
B

Bruce Chambers

Greetings --

1) If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


2) You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Upgrading from ME to XP .... 3
Help 2
Shutdown loop 1
Windows xp "System Shutdown" message 3
NT Authority System Shutdown 1
windows shutdown ( unwanted) 1
System shutdown due to RPC terminated unexpectedly 29
Fatal error when trying to load Windows XP Home on reformatted dri 2

Top