remote procedure call.....and computer shutdown?

[Mason121]

Hello, I`m asking this on behalf of a friend who can`t stay connected to the
internet. He OS is winxp home ed. He says the computer works fine doing
everything except when he signs onto the internet........says that in about 10
mins. he gets this message: NTAUTHORITY SYSTEM REMOTE PROCECURE CALL
TERMINATED UNEXPECTEDLY. Also says there is a count down timer till it shuts
off. We talked about it and he said he has not done his windows updates. He
also has let his virus protection run past it`s trial and did not renew. We,
people at work, told him he probally has the blaster virus.
He said he did a search on his puter and it did not find the msblaster.exe on
it.
I myself told him he is nuts not to do the win updates and not keep his virus
protection updated. But he has the usual excuses.....no time.....the kids are
on it all the time.........it has been working fine.....etc....... Anyway I
told him I would come on line and try to help him.
Any ideas would be appreciated. Thanks................Dan.

 

[Duane Arnold]

(e-mail address removed) (Mason121) wrote in

Hello, I`m asking this on behalf of a friend who can`t stay connected
to the internet. He OS is winxp home ed. He says the computer works
fine doing everything except when he signs onto the
internet........says that in about 10 mins. he gets this message:
NTAUTHORITY SYSTEM REMOTE PROCECURE CALL TERMINATED
UNEXPECTEDLY. Also says there is a count down timer till it shuts
off. We talked about it and he said he has not done his windows
updates. He also has let his virus protection run past it`s trial and
did not renew. We, people at work, told him he probally has the
blaster virus. He said he did a search on his puter and it did not
find the msblaster.exe on it.
I myself told him he is nuts not to do the win updates and not keep
his virus protection updated. But he has the usual excuses.....no
time.....the kids are on it all the time.........it has been working
fine.....etc....... Anyway I told him I would come on line and try
to help him. Any ideas would be appreciated.
Thanks................Dan.

This is due to an exploit that as been exposed by hackers for the RPC
component of the NT based O/S(s). That is NT, 2K, XP and 2K3 O/S(s), once
the O/S or machine has been connected to the Internet. This new exploit
has been on the news as of late. There is a fix for this if you go to the
MS Windows Update site -- right in the middle of the page. There is
information there that will instruct you on how to apply the fix for
this. Also, you should get a third party firewall like Kerio, Output, ZA,
etc. or use XP's FW that will protect the O/S.

http://www.uksecurityonline.com/husdg/windowsxp.php

You may also want to *harden* the XP O/S to attack.

HTH

Duane

 

[Hugh Watkins]

Hello, I`m asking this on behalf of a friend who can`t stay connected to the
internet. He OS is winxp home ed. He says the computer works fine doing
everything except when he signs onto the internet........says that in about 10
mins. he gets this message: NTAUTHORITY SYSTEM REMOTE PROCECURE CALL
TERMINATED UNEXPECTEDLY. Also says there is a count down timer till it shuts
off. We talked about it and he said he has not done his windows updates. He
also has let his virus protection run past it`s trial and did not renew. We,
people at work, told him he probally has the blaster virus.
He said he did a search on his puter and it did not find the msblaster.exe on
it.
I myself told him he is nuts not to do the win updates and not keep his virus
protection updated. But he has the usual excuses.....no time.....the kids are
on it all the time.........it has been working fine.....etc....... Anyway I
told him I would come on line and try to help him.
Any ideas would be appreciated. Thanks................Dan.

the Virus definition for blaster is less than 7 ??? days old ???

so if he has not updated he cannot see it

like using a toilet
do the paperwork every time and wash your hands after that

if you get sloppy you begin to get infections and pass them on

Hugh W

 

[Zvi Netiv]

Hello, I`m asking this on behalf of a friend who can`t stay connected to the
internet. He OS is winxp home ed. He says the computer works fine doing
everything except when he signs onto the internet........says that in about 10
mins. he gets this message: NTAUTHORITY SYSTEM REMOTE PROCECURE CALL
TERMINATED UNEXPECTEDLY. Also says there is a count down timer till it shuts
off. We talked about it and he said he has not done his windows updates. He
also has let his virus protection run past it`s trial and did not renew. We,
people at work, told him he probally has the blaster virus.
He said he did a search on his puter and it did not find the msblaster.exe on
it.

He definitely got Blaster. The reason he can't find it is because his explorer
setting are to not show hidden files (msblast.exe has the hidden attribute set).

Stopping the shutdown countdown is trivial, to let download and install the
patch. At the desktop 'run' co0mmand line, run "shutdown -a" (without the quote
marks), and do the update. It's important to turn off 'system restore' before
installing the patch.

I myself told him he is nuts not to do the win updates and not keep his virus
protection updated.

Updating your AV is pointless if you are among the first to catch a worm like
Blaster, or Sobig.f. Instead, he (and you) could consider changing your
protection strategy to a generic one. It proved extremely effective, and you
wouldn't depend on critical AV updates.

Regards, Zvi

 

[Dr Halonfires LesGirl]

This might help you out. :-
http://www.sophos.com/support/disinfection/blastera.html
(Same method whichever version of blaster you have.)

 

[Jason]

Start | Run... "shutdown -a" should abort the restart process and give you
time to download and apply the patch.

 

[Brigg222]

Start | Run... "shutdown -a" should abort the restart process and give you

time to download and apply the patch.

Thanks, Jason and everyone else that replied to my post, for all the
information.
I think with all this info. he will be able to fix his machine. I liked the
post which ended with:

...that is if he's not too busy, or if the kids let him use the
computer...etc..
I will post back again to let you know how things went.
Thanks again........Dan.

 

[FromTheRafters]

What a waste of your and my time.

Time spent trying to help someone is not time wasted.

Seems he already got a floppy disk from someone who also had the virus. He
used it to fix his problem.

Dammit! I feel so.....used. :O(

I guess it was not a total waste of my time
anyway. I learned alot about the blaster virus.

There could very well have been lurkers who were educated
by your question and the answers given.

Still I don`t know what could
be on a floppy that could fix this virus?

A patch, and a removal tool perhaps.

 

[See signature below]

A patch, and a removal tool perhaps.

I gave a floppy to a lady friend of mine last night who got infected.
There is a removal tool from Nework Associates (McAfee) called Stinger
and it is just under 700 KB.
http://vil.nai.com/vil/stinger/


You know what to do: shdb at slip dot net

 

[FromTheRafters]

I gave a floppy to a lady friend of mine last night who got infected.
There is a removal tool from Nework Associates (McAfee) called Stinger
and it is just under 700 KB.
http://vil.nai.com/vil/stinger/

I figured stinger would be covering this one. I also
wonder if the "victim" got the patch which is more
important in the long run.

 

[See signature below]

I figured stinger would be covering this one. I also
wonder if the "victim" got the patch which is more
important in the long run.

I told my friend to disconnect her DSL modem and stay off the
internet, run Stinger, and call me when done. I planned on enabling
here firewall, and install the one important patch that keeps this
type worm from happening from a burned CD then going back online and
doing all the critical updates.

MS had the patch as a seperate download too that would also fit on a
1.44MB floppy.


You know what to do: shdb at slip dot net

 

[Ant]

[snip]

I gave a floppy to a lady friend of mine last night who got infected.

The mind boggles!
;>

 

[FromTheRafters]

[snip]

I gave a floppy to a lady friend of mine last night who got infected.

The mind boggles!
;>

I wasn't gonna say anything....