RPC shutdown

[jay]

can someone please please help me sort out this problem,
I am facing everyday several times a day. I go online
using a cable connection connected to my Lan card, in a
local area network. a windowpops up from the system every
now and then which says that NT Authority/System is
shutting down the system because of Remote process call
is initiating this shutdown and the clock begins the
countdown from 50 seconds to shutdown asking the user to
save all applications before shutdown. I have tried to
disable RPC from the task manager, there are no viruses
or bugs in my system,but this coming back again and
again.This is exasperating and i feel like chucking it
all up and retire in the Himalyas. Please someone help me.

 

[Gary Tsang]

Hi,

It appears your computer has been infected with the Blaster virus. For more
information and how to fix this please see follow this link:
http://www.microsoft.com/security/incident/blast.asp
http://www.microsoft.com/security/protect/main.asp

Microsoft Knowledge Base Article - 824146
A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs
http://support.microsoft.com/?kbid=824146

More information about this particular worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Removal Information can be found here
http://www.kellys-korner-xp.com/xp_qr.htm#rpc

 

[Tom]

can someone please please help me sort out this problem,
I am facing everyday several times a day. I go online
using a cable connection connected to my Lan card, in a
local area network. a windowpops up from the system every
now and then which says that NT Authority/System is
shutting down the system because of Remote process call
is initiating this shutdown and the clock begins the
countdown from 50 seconds to shutdown asking the user to
save all applications before shutdown. I have tried to
disable RPC from the task manager, there are no viruses
or bugs in my system,but this coming back again and
again.This is exasperating and i feel like chucking it
all up and retire in the Himalyas. Please someone help me.

You do have a virus, you twit!

If you connected the PC to the Internet without having first
enabled a firewall, then you're an idiot, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

 

[jopa66]

Looks like you have the Blaster Worm on your system. Check the following
links for info & removal instructions.
http://support.gateway.com/s/issues/2-928610104.shtml#resolution1
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

 

[Bruce Chambers]

Greetings --

If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH