Nicholas said:
John --
Apparently, your friend's computer has an unwelcome visitor (VIRUS)
known
as the WM32 Blaster/Lovsan WORM.
It entered the computer through the internet connection because the
"firewall"
was not properly enabled and essential critical updates were not
installed from
the Windows Update website. For instructions on fixing the problem,
visit:
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
Remove W32.MSBlast.Worm
http://www.kellys-korner-xp.com/xp qr.htm#rpc
Blaster Worm: Critical Security Patch for Windows XP (32-bit version)
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC
-9532-3DE40F69C074&displaylang=en
If your computer is constantly attempting to shutdown
or reboot, quickly go to:
Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.
Then type: shutdown -a , and hit enter.
This should halt the rebooting problem.
Then immediately turn-on Windows XP's built-in Firewall:
How do I turn on the Firewall?
http://www.andyrathbone.com/tips/firewall.html
**** IMPORTANT ****
Visit this web site if you experience difficulty installing
Windows XP Security Patch 823980:
How To Fix The Cryptographic Service Error
http://www.updatexp.com/cryptographic-service.html
--
Nicholas
----------------------------------------------------------------------
|
| My 74-year old German friend here in Florida is having a
| problem with his relatively new PC. After working in any
| application, a shutdown message appears "Generic host
| process for win32 services has encountered a problem and
| needs to close" Other screen text includes "Initiated by
| NT authority system" "Remote procedure call RPC
| terminated." XP (Home Edition) then begins the 60-second
| shutdown clock urging him to save work or lose it.
|
| This happens every time he works on the machine. It is
| not on a network and he is using BellSouth as an ISP. The
| message appears consistantly after 5 minutes of reading
| mail or using IE. Updated Norton virus scanning has
| detected nothing on his machine. Thoughts?
Associated dialog found in appcompat:
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="558080"
CHECKSUM="0x7B6E5DDA" BIN_FILE_VERSION="5.1.2600.1106"
BIN_PRODUCT_VERSION="5.1.2600.1106" PRODUCT_VERSION="5.1.2600.1106"
FILE_DESCRIPTION="Advanced Windows 32 Base API"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows®
Operating System" FILE_VERSION="5.1.2600.1106 (xpsp1.020828-1920)"
ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x9315E"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1106"
UPTO_BIN_PRODUCT_VERSION="5.1.2600.1106" LINK_DATE="08/29/2002
10:40:40" UPTO_LINK_DATE="08/29/2002 10:40:40" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="250368"
CHECKSUM="0x29850525" BIN_FILE_VERSION="5.1.2600.1106"
BIN_PRODUCT_VERSION="5.1.2600.1106" PRODUCT_VERSION="5.1.2600.1106"
FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation"
PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="5.1.2600.1106 (xpsp1.020828-1920)"
ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="©
Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0"
VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2"
MODULE_TYPE="WIN32" PE_CHECKSUM="0x4285C" LINKER_VERSION="0x50001"
UPTO_BIN_FILE_VERSION="5.1.2600.1106"
UPTO_BIN_PRODUCT_VERSION="5.1.2600.1106" LINK_DATE="08/29/2002
10:40:39" UPTO_LINK_DATE="08/29/2002 10:40:39" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="930304"
CHECKSUM="0xCBCCF8A9" BIN_FILE_VERSION="5.1.2600.1106"
BIN_PRODUCT_VERSION="5.1.2600.1106" PRODUCT_VERSION="5.1.2600.1106"
FILE_DESCRIPTION="Windows NT BASE API Client DLL"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows®
Operating System" FILE_VERSION="5.1.2600.1106 (xpsp1.020828-1920)"
ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xE7ED3"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1106"
UPTO_BIN_PRODUCT_VERSION="5.1.2600.1106" LINK_DATE="08/29/2002
10:40:40" UPTO_LINK_DATE="08/29/2002 10:40:40" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="654336"
CHECKSUM="0xC568C00F" BIN_FILE_VERSION="5.1.2600.1217"
BIN_PRODUCT_VERSION="5.1.2600.1217" PRODUCT_VERSION="5.1.2600.1217"
FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation"
PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="5.1.2600.1217 (xpsp2.030429-2131)"
ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA5841"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1217"
UPTO_BIN_PRODUCT_VERSION="5.1.2600.1217" LINK_DATE="05/01/2003
23:56:10" UPTO_LINK_DATE="05/01/2003 23:56:10" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1172992"
CHECKSUM="0x59FABDBE" BIN_FILE_VERSION="5.1.2600.1263"
BIN_PRODUCT_VERSION="5.1.2600.1263" PRODUCT_VERSION="5.1.2600.1263"
FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="5.1.2600.1263 (xpsp2.030819-2129)"
ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1248AC"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1263"
UPTO_BIN_PRODUCT_VERSION="5.1.2600.1263" LINK_DATE="08/25/2003
18:53:42" UPTO_LINK_DATE="08/25/2003 18:53:42" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="oleaut32.dll" SIZE="569344"
CHECKSUM="0x276CFFB1" BIN_FILE_VERSION="3.50.5016.0"
BIN_PRODUCT_VERSION="3.50.5016.0" PRODUCT_VERSION="3.50.5016.0"
FILE_DESCRIPTION="Microsoft OLE 3.50 for Windows NT(TM) and Windows
95(TM) Operating Systems" COMPANY_NAME="Microsoft Corporation"
PRODUCT_NAME="Microsoft OLE 3.50 for Windows NT(TM) and Windows
95(TM) Operating Systems" FILE_VERSION="3.50.5016.0"
INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft
Corp. 1993-1999." VERFILEDATEHI="0x0" VERFILEDATELO="0x0"
VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32"
PE_CHECKSUM="0x999AF" LINKER_VERSION="0x0"
UPTO_BIN_FILE_VERSION="3.50.5016.0"
UPTO_BIN_PRODUCT_VERSION="3.50.5016.0" LINK_DATE="08/29/2002 10:40:34"
UPTO_LINK_DATE="08/29/2002 10:40:34" VER_LANGUAGE="English (United
States) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8240640"
CHECKSUM="0x1D64017A" BIN_FILE_VERSION="6.0.2800.1233"
BIN_PRODUCT_VERSION="6.0.2800.1233" PRODUCT_VERSION="6.00.2800.1233"
FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System"
FILE_VERSION="6.00.2800.1233 (xpsp2.030604-1804)"
ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x7E4A55"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2800.1233"
UPTO_BIN_PRODUCT_VERSION="6.0.2800.1233" LINK_DATE="06/11/2003
20:43:47" UPTO_LINK_DATE="06/11/2003 20:43:47" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="user32.dll" SIZE="528896"
CHECKSUM="0xA4520BB9" BIN_FILE_VERSION="5.1.2600.1134"
BIN_PRODUCT_VERSION="5.1.2600.1134" PRODUCT_VERSION="5.1.2600.1134"
FILE_DESCRIPTION="Windows XP USER API Client DLL"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows®
Operating System" FILE_VERSION="5.1.2600.1134 (xpsp2.020921-0842)"
ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="©
Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0"
VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2"
MODULE_TYPE="WIN32" PE_CHECKSUM="0x8D044" LINKER_VERSION="0x50001"
UPTO_BIN_FILE_VERSION="5.1.2600.1134"
UPTO_BIN_PRODUCT_VERSION="5.1.2600.1134" LINK_DATE="11/01/2002
23:26:44" UPTO_LINK_DATE="11/01/2002 23:26:44" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="wininet.dll" SIZE="599040"
CHECKSUM="0xBEF20B21" BIN_FILE_VERSION="6.0.2800.1106"
BIN_PRODUCT_VERSION="6.0.2800.1106" PRODUCT_VERSION="6.00.2800.1106"
FILE_DESCRIPTION="Internet Extensions for Win32"
COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows®
Operating System" FILE_VERSION="6.00.2800.1106 (xpsp1.020828-1920)"
ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll"
LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x96179"
LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2800.1106"
UPTO_BIN_PRODUCT_VERSION="6.0.2800.1106" LINK_DATE="08/29/2002
10:40:28" UPTO_LINK_DATE="08/29/2002 10:40:28" VER_LANGUAGE="English
(United States) [0x409]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864"
CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103"
BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10"
FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft
Corporation" PRODUCT_NAME="Microsoft® Windows(TM) Operating System"
FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL"
INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp.
1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001"
VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket
API for Windows" S16BIT_MODULE_NAME="WINSOCK"
UPTO_BIN_FILE_VERSION="3.10.0.103"
UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United
States) [0x409]" />
</EXE>
</DATABASE>
Associated dialog found in manifest:
Server=watson.microsoft.com
UI LCID=1033
Flags=623378
Brand=WINDOWS
TitleName=Generic Host Process for Win32 Services
DigPidRegPath=HKLM\Software\Microsoft\Windows
NT\CurrentVersion\DigitalProductId
ErrorText=If you were in the middle of something, the information you
were working on might be lost.
Stage1URL=
Stage1URL=/StageOne//0_0_0_0/unknown/0_0_0_0/00000000.htm
Stage2URL=
Stage2URL=/dw/stagetwo.asp?szAppName=&szAppVer=0.0.0.0&szModName=unknown&szModVer=0.0.0.0&offset=00000000
DataFiles=C:\DOCUME~1\KEVINC~1\LOCALS~1\Temp\WER5.tmp.dir00\svchost.exe.mdmp|C:\DOCUME~1\KEVINC~1\LOCALS~1\Temp\WER5.tmp.dir00\appcompat.txt
Heap=C:\DOCUME~1\KEVINC~1\LOCALS~1\Temp\WER5.tmp.dir00\svchost.exe.hdmp
ErrorSubPath=\0.0.0.0\unknown\0.0.0.0\00000000
All I did was repair my XP installation and the issue went away. I'm
always protected by McAfee VirusScan 8.0 and did NOT install
Blaster.worm patch til AFTER my XP repairs. Blaster worm was never
found on my system. BEWARE! I received an "official looking" email
from Microsoft with an attached "patch" for viruses. Obviously, VS8
deleted this attachment without hesitation.
The problem, for me anyway, is fixed. Good luck.