RPC - Remote Procedure Call


Keith

Generally, after about ten minutes of PC being switched
on, I get an error message -

Remote Procedure Call service terminated unexpectedly,
your system is shutting down!

It then counts down from 60 secs and restarts my pc. Can
anyone suggest how I can rectify this, it would be much
appreciated.

Many thanks.
 
Keith said:
Generally, after about ten minutes of PC being switched
on, I get an error message -

Remote Procedure Call service terminated unexpectedly,
your system is shutting down!

It then counts down from 60 secs and restarts my pc. Can
anyone suggest how I can rectify this, it would be much
appreciated.

Many thanks.

Your system is infected with the Blaster worm. Go to the following website
for the instructions on getting rid of it.

Blaster:
http://www3.telus.net/dandemar/blaster.htm


--
Ronnie Vernon
Microsoft MVP-Windows Shell/User

Please reply to the newsgroup so all may benefit.
http://www.dts-l.org
http://www.mvps.org
 
Keith said:
Generally, after about ten minutes of PC being switched
on, I get an error message -

Remote Procedure Call service terminated unexpectedly,
your system is shutting down!

It then counts down from 60 secs and restarts my pc. Can
anyone suggest how I can rectify this, it would be much
appreciated.

Many thanks.

Surely due to the infamous Blaster worm. See www.microsoft.com/blaster
for resolution advice and links.
 
Hi,

When the shutdown warning appears, click start/run and enter "shutdown -a"
to halt the process. It's a virus called blaster or lovesan. Information:

http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.pchell.com/virus/msblast.shtml
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342

You need the patch described here to protect against it:

MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146

Problem is, you needed to install the patch BEFORE you got infected to avoid
it. Also, visit Windows Update and download and install KB833330.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone
 
Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

Removal Tool for Blaster/Nachi worm infections from computers running
Win2K or WinXP
http://support.microsoft.com/?kbid=833330

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Bruce Chambers said:
Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix,

That's an oxymoron, isn't it? Unless the OP downloaded the fix to some
storage medium prior to getting the machine, he can't GET the fix without
going on the Internet!
 
Rifleman said:
That's an oxymoron, isn't it? Unless the OP downloaded the fix to some
storage medium prior to getting the machine, he can't GET the fix without
going on the Internet!

Guess I'd call it dilemma .. :-)
 
Greetings --

Which rather implies that one should prepare _before_ connecting
to the Internet. After all, it's not like these worms are obscure or
unknown; they've been widely publicized for some months now. Anyway,
the enabled firewall would do the trick, wouldn't it?

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 