RPC Remote Procedure Call

M

Mike

Hello,

I have read many of the messages regarding RPC. They all
talk about the Blaster Worm. Could there be anything else
causing the error. I have a customer accessing a remote
Windows XP home system via DSL connection (both end) using
a XP Pro system. I know the remote PC was clean from any
viruses before delivery; the customer claims their pc is
totally clean. There is no email setup on the remote PC.
After he disconnects, the message pops up on the Remote PC
(not on his PC) and then it reboots the remote PC. The
remote PC has the latest SP1a. Any ideas? I appreciate
any help.
Thank you.
 
B

Bill Sanderson

Blaster infects directly via a network connection--no email is involved.

Unless you have patched the machine to close the vulnerability used by
Blaster, it will continue to be re-infected.

http://www.microsoft.com/security/incident/blast.asp

On the remote machine which is showing the symptoms:

Make sure that MS 03-039 is installed:

http://www.microsoft.com/security/security_bulletins/ms03-039.asp

Even with this patch installed, if the machine is already infected, the
patch doesn't disinfect the machine!

So--install this as well:

http://www.microsoft.com/downloads/...8b-fe98-493f-ad76-bf673a38b4cf&displaylang=en

This is a removal tool--install it on a machine which is already patched
against blaster, and any existing blaster infection will be removed. I
believe it will also give a clear indication about whether an infection was
found or not.

If you can verify successful installation of both the MS03-039 patch, and
the removal tool, and these symptoms still persist--write back.

Additionally--blaster infections indicate a machine which doesn't have the
firewall active. The firewall is really, really, important. Yes, you have
to open it to allow Remote Desktop in--but that's easy to do--it can even be
done via a Remote Desktop connection (i.e. you can do all this
maintenance--the two patches, activating the firewall and enabling Remote
Desktop to pass through)--via a Remote Desktop connection.

An automated tool to activate the firewall, and more information about it
and the two other steps you should take to secure your machine available
here:

http://www.microsoft.com/security/protect/default.asp
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

RPC 1
cannot connect to PC from multiple PCs using remote desktop 1
remote procedure call (RPC) 3
what's wrong with remote printer? 1
Remote Procedure Call (RPC) service is terminated Unexpectedly 8
Error 1113 using Remote Procedure Call (RPC) Locator 0
remote access 2
Remote Desktop frequently locks up 3

Top