Remote Service Call

  • Thread starter Thread starter John
  • Start date Start date
J

John

Windows keeps shutting down by RPC " NT System Authority"
any ideas to fix? TIA
 
You have the Blaster worm.

1st to stop the RPC error so it doesn't interupt you while your making
repairs:
Start | Run | services.msc /s
Scroll down to "Remote Proceedure Call (RPC)" NOT (RPC) Locator
Right click and select properties
Under the "Recovery" Tab change all failures from "Restart the Computer" to
"Restart the Service"
This will keep the RPC from coming up.

Disable msblast.exe in task manager.
Ctrl+Alt+Del | Processes | Right click msblast.exe and click "End Process"

Download the Blaster Security Patch at:
http://www.microsoft.com/security/incident/blast.asp

Download AdAware & Spybot S & D:
AdAware:www.lavasoftusa.com/software/adaware/
Spybot S & D:www.safer-networking.org/

Disconnect from the internet

Run AdAware & Spybot
Run the Security Patch you downloaed earlier.

Make sure you have a firewall and AV software enabled and updated.
As long as you downloded and ran the patch above Blaster shouldn't come back
but there are plenty of others that can find your computer in minutes.

Change the RPC back to "Restart the Computer" the same as you did above.

Reconnect to the Internet and download the rest of the Microsoft Update
Security Patches.


--
kwoyach[SPAM]@yahoo[SPAM].com
TO Email: Remove [SPAM]

**Useful Links**
AdAware:
www.lavasoftusa.com/software/adaware/
Spybot S & D:
www.safer-networking.org/
Check for Parasites/Worms:
www.gemal.dk/browserspy/parasites.html
Blaster Security Patch:
http://www.microsoft.com/security/incident/blast.asp
TweakUI and other PowerToys:
www.microsoft.com/windowsxp/pro/downloads/powertoys.asp

If I can help you I will.
If you can help me thanks.
 
Hi John,

When the shutdown warning appears, click start/run and enter "shutdown -a"
to halt the process. It's a virus called blaster or lovesan. Information:

http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.pchell.com/virus/msblast.shtml
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342

You need the patch described here to protect against it:

MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146

Problem is, you needed to install the patch BEFORE you got infected to avoid
it.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Remote Procedure Call (RPC) service is terminated Unexpectedly 8
RPC settings 2
Issue with System Shutting Down every 20 minutes 1
Comcast High Speed Internet 2
RPC service terminated, shutdown 3
Remote Procedure Call 1
My system keeps shutting down 3
Remote Procedure Call (RPC) Service 3

Back
Top