Hi,
My name is Siamak and I have some fairly simple steps
that should help you with this problem.
As I understand, you have received the following error
messages when using your computer:
"This system is shutting down. Please save all work in
progress and log off. This shutdown was initiated by NT
Authority/System."
"Windows must restart because the Remote Procedure Call
(RPC) service terminated unexpectedly."
If I have misunderstood, please respond and let me know.
This is a known security issue which was first found on
July 15. There is currently an Internet Worm that is
taking advantage of this security issue. Microsoft
published the patch to fix this issue on July 16 for all
of the affected systems on our web site. For more
information, please refer to the following page:
http://www.microsoft.com/security/security_bulletins/ms03-
026.asp
The resolution to this issue is to clean the worm from
your system and install the patch mentioned above. You
can find a link below to install the patch for Windows
XP.
It is suggested that you first download the patch to your
system so you can install the patch immediately after
cleaning the system and before you reconnect to the
Internet or network.
In some cases this Worm can cause your system to reboot
and you may have difficulties downloading the patch. In
those cases you need to turn off some ports that the
virus uses by blocking them with Firewall software. The
ports that may need to be blocked are as follows:
TCP/UDP Port 135
TCP/UDP Port 139
TCP/UDP Port 445
*Note: Port 69 (TFTP) and TCP port 4444 are also in use
by this worm and should be blocked.
If your computer is rebooting repeatedly, disconnect from
the Internet before you enable your firewall. To
disconnect your computer from the Internet:
.. Broadband connection users: Locate the telephone
cable that runs from your external DSL or cable modem and
unplug that cable either from the modem or from the
telephone jack.
.. Dial-up connection users: Locate the telephone
cable that runs from the modem inside your computer to
your telephone jack and unplug that cable either from the
telephone jack or from your computer.
Make sure you have a firewall activated to help protect
your computer against infection before you take other
steps. If your computer has been infected, activating
firewall software will help limit the effects of the worm
on your computer.
The Internet Connection Firewall that comes with Windows
XP will block these by default once it is enabled. To
enable the Internet Connection Firewall that comes with
XP do the following:
1. In Control Panel, double-click "Networking and
Internet Connections", and then click Network Connections.
2. Right-click the connection (your internet connection)
on which you would like to enable ICF, and then click
Properties.
3. On the Advanced tab, click the box to select the
option to "Protect my computer or network".
4. If you want to enable the use of some applications and
services through the firewall, you need to enable them by
clicking the Settings button, and then selecting the
programs, protocols, and services to be enabled for the
ICF configuration.
To Download the patch and remove the Worm do the
Following:
Step 1:
Download patch:
1. Download the patch for your system from the link
shown below these steps.
http://microsoft.com/downloads/details.aspx?
FamilyId=2354406C-C5B6-44AC-9532-
3DE40F69C074&displaylang=en
Clean the worm from your system you should do one of the
following:
2. Run your Antivirus software with updated definitions.
(if you don't have anti-virus software it is recommend
that you acquire some)
and
Customers should use some of the online removal tools
located at:
http://securityresponse.symantec.com/avcenter/venc
/data/w32.blaster.worm.removal.tool.html
http://vil.nai.com/vil/stinger
http://www.trendmicro.com/download/tsc.asp
Install the patch:
3. Run the patch from the location you downloaded it to
in step 1.
At the same time, we suggest you often go to
http://www.microsoft.com/security/ and install all
critical updates and service packs from the Windows
Update website:
http://windowsupdate.microsoft.com/. In
this way, your system is always protected from the
potential security issues.
You can also configure Automatic Updates to automatically
download updates for you. How to Configure and Use
Automatic Updates in Windows XP:
http://support.microsoft.com/default.aspx?scid=kb;en-
us;306525
Once again I would like to thank you for contacting
Microsoft Online Support Service. I am going to go ahead
and close this case.
If you require further assistance with this issue, simply
respond with any supplemental information.
Again, thank you for choosing Microsoft.
Best Regards,
Siamak
Please note I cannot respond to e-mailed questions.
Please use respond to this thread to let me know if the
steps and suggestions helped you to resolve the issue.
Disclaimer:
This posting is provided "AS IS" with no warranties, and
confers no
rights.
Please note I cannot respond to e-mailed questions.
Please use these newsgroups to let me know if the
suggestions resolved the issue.
ARCR
===========================
A: Running Windows system connected to internet
R: Computer shuts down unexpectedly
C: DOS attack which uses the bug of "Buffer Overrun in
RPC Interface"
R: Install 823980 patch
===========================
