NT Authority\System & Remote Procedure Call Errors

[TonyT]

Hi,

I have recently built 4 PC's of various specs all with the
following common components;
Windows XP Pro
Samsung SW-252F CDR-W drives
Kingmax RAM (256MB & 512MB PC2700)
TEAC 3 1/2" Floppy
Hayes Accura V-92 PCI modems
(all other components (mobo, BIOS, HDD's etc.) vary)

All 4 PC's are reporting various errors all resulting in
automatic system shutdowns with 60 second reboot's titled
NT Authority\System failures, either referencing
svchost.exe and/or RPC terminted unexpectedly.

the error log codes are; 7031 (primary fault), 4609,1000 &
1002.

All PC's have latest Service Pack's (as of yesterday) and
various combinations of d/loaded drivers for the Modem &
CDR-W. All have office XP Pro also.

The system crash's happen only whilst online (via explorer
or Outlook Express) and seem to happen at random from
immediately upon connection to often 15 minutes into
connection. I am accessing these computers remotely via
WinVNC (but the fault occurs without VNC running).

hope this is enough info, if not I have further
screenshots with error codes, log events etc.

TonyT

 

[BobC]

Hi,

I have recently built 4 PC's of various specs all with the
following common components;
Windows XP Pro
Samsung SW-252F CDR-W drives
Kingmax RAM (256MB & 512MB PC2700)
TEAC 3 1/2" Floppy
Hayes Accura V-92 PCI modems
(all other components (mobo, BIOS, HDD's etc.) vary)

All 4 PC's are reporting various errors all resulting in
automatic system shutdowns with 60 second reboot's titled
NT Authority\System failures, either referencing
svchost.exe and/or RPC terminted unexpectedly.

the error log codes are; 7031 (primary fault), 4609,1000 &
1002.

All PC's have latest Service Pack's (as of yesterday) and
various combinations of d/loaded drivers for the Modem &
CDR-W. All have office XP Pro also.

The system crash's happen only whilst online (via explorer
or Outlook Express) and seem to happen at random from
immediately upon connection to often 15 minutes into
connection. I am accessing these computers remotely via
WinVNC (but the fault occurs without VNC running).

hope this is enough info, if not I have further
screenshots with error codes, log events etc.

TonyT

You likely have the blaster virus. See:
http://www.microsoft.com/security/incident/blast.asp
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

 

[TonyT]

The latest symantec blastfix.exe shows no W32 worm on any
of the PC's.

TonyT

 

[Guest]

Your computer is now infected with the W32.Blaster.Worm or
one of its variants. This happened because you have not
been using an internet connection firewall and have
apparently neglected to install the critical updates
available at the Windows Update website.
-----------------------------------------------------------
-------
If your computer is constantly attempting to shutdown
or reboot, quickly go to:

Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.

Then type: shutdown -a , and hit enter.

This should halt the rebooting problem.
-----------------------------------------------------------
-------
Then immediately turn-on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/
(To enable the built-in firewall, go to:
Control Panel, double-click Networking and Internet
Connections, then click Network Connections. Right-click
your connection, then
Click Properties, and on the Advanced tab, click the option
"Protect my computer and network..." Note: the built in
firewall only monitors incoming traffic not outgoing (ie
spyware, trojans, etc.. you may have on your system).)

What You Should Know About the Blaster Worm and Its
Variants
http://www.microsoft.com/security/incident/blast.asp

A tool is available to remove Blaster worm and Nachi worm
infections from computers
that are running Windows 2000 or Windows XP
http://support.microsoft.com/?kbid=833330

A security issue has been identified that could allow an
attacker to
remotely compromise a computer running Microsoft Windows
and
gain complete control over it. You can help protect your
computer
by installing this update from Microsoft.
http://www.microsoft.com/downloads/details.aspx?
FamilyId=2354406C-C5B6-44AC-9532-
3DE40F69C074&displaylang=en

Above courtesy of MVP Carey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

***Install a good firewall. ZoneAlarm is a free one you
can install.
Install a good anti-virus program making sure you keep
it's definitions up to date! ***
- - - - - - - - - - - - -
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32
..welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm
..removal.tool.html

 

[Danny Slye - [MSFT}]

It sounds like these machines were infected with the Blaster virus(or
Nachi) before the patches were installed. The patches only prevent
infection, they do not remove the infection if it is already present.
Microsoft has provided a blaster removal tool at:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E70A0D8B-FE98-493F-
AD76-BF673A38B4CF&displaylang=en

--------------------

Hi,

I have recently built 4 PC's of various specs all with the
following common components;
Windows XP Pro
Samsung SW-252F CDR-W drives
Kingmax RAM (256MB & 512MB PC2700)
TEAC 3 1/2" Floppy
Hayes Accura V-92 PCI modems
(all other components (mobo, BIOS, HDD's etc.) vary)

All 4 PC's are reporting various errors all resulting in
automatic system shutdowns with 60 second reboot's titled
NT Authority\System failures, either referencing
svchost.exe and/or RPC terminted unexpectedly.

the error log codes are; 7031 (primary fault), 4609,1000 &
1002.

All PC's have latest Service Pack's (as of yesterday) and
various combinations of d/loaded drivers for the Modem &
CDR-W. All have office XP Pro also.

The system crash's happen only whilst online (via explorer
or Outlook Express) and seem to happen at random from
immediately upon connection to often 15 minutes into
connection. I am accessing these computers remotely via
WinVNC (but the fault occurs without VNC running).

hope this is enough info, if not I have further
screenshots with error codes, log events etc.

TonyT

__
Danny Slye
Microsoft Support Professional
MCSE

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!