RPC terminates and shutsdown windows

J

john

I have just loaded a new system with XP professional.
When I connect to the internet the RPC terminates
unexpectedly and shuts windows down. What could be
causein
 
K

Ken Blake

In
john said:
I have just loaded a new system with XP professional.
When I connect to the internet the RPC terminates
unexpectedly and shuts windows down. What could be
causein
Click to expand...


You have the MSBlaster worm. To remove it, do the following:

The following instructions are in three parts

1. Stop it from running

2. Remove it from your system

3. Make sure it doesn't come back



Before beginning, if you have an always-on internet connection,
it's a good idea to disconnect it.



1. Stop it from running

Press Ctrl-Alt-Delete to bring up the Task Manager, then on the
Processes tab, click msblast.exe and then "End process." Reply
"Yes" to the warning message that comes up.

This stops the worm from running, so your system will not shut
down. However, it doesn't remove it, and if that's all you do, it
will start up again the next time you boot.


***

2. Remove it from your system

a. Start the registry editor program, regedit, by going to Start
| Run, and typing REGEDIT
Navigate to HKEY_Local_Machine\Software\Microsoft\Windows\Current
Version\Run by clicking the plus signs next to each of the
folders in the left hand pane. When you get to the last of them,
Run, click the word Run itself.

Find an entry called "Windows Auto Update" on the right side.
Right-click it and delete it.

b. Do a Windows search for msblast, and delete all files found.

The worm is now gone, and won't start again the next time you
boot. But if that's all you do, you can get reinfected just as
you did the first time.

***


3. Make sure it doesn't come back

a. Make sure you're running a firewall that prevents worms like
this from getting in. You can enable the built-in Windows XP
firewall, or download and install another one such as the free
version of ZoneAlarm. To enable the built-in firewall, go to
Control Panel, double-click Networking and Internet Connections,
then click Network Connections. Right-click your connection, then
click Properties, and on the Advanced tab, click the option
"Protect my computer and network..."


b. If you've disconnected your internet connection, reconnect it.
Download and install the Microsoft patch at
http://download.microsoft.com/downl...e-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe

That will remove the vulnerability that the worm exploits.


c. Be sure you are running an anti-virus program, and that you
regularly download the latest updated virus definitions.
 
B

Bruce Chambers

Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
C

CS

I have just loaded a new system with XP professional.
When I connect to the internet the RPC terminates
unexpectedly and shuts windows down. What could be
causein
Click to expand...

You have the Blaster virus. Follow these instructions to remove.

Compliments of Mr. Ken Blake MVP.

Step 1: Removal
Step 2: Secure Against Reinfection


Step 1: Removal:


1. Press Start/Run type in Regedit and press OK.

2. Click the plus signs next to the following folders on the right
hand
pane:
HKEY_Local_Machine\Software\Microsoft\Windows\Current Version\Run

3. With "RUN" highlighted on the left look for an entry called
"Windows Auto
Update" on the right. Right click and delete this "Windows Auto
Update"
entry.

* Alternate method for steps 1-3: Download and run the Msblast Removal
Tool
from Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html


4. Enable Internet Connection Firewall to keep re-infection from
occurring.
To enable the Internet Connection Firewall in Windows:

Press Start\Control Panel, double-click Networking and Internet
Connections,
and then click Network Connections.
Right-click the connection on which you would like to enable Internet
Connection Firewall, and then click Properties.
On the Advanced tab, click the box to select the option to Protect my
computer or network.
More information on this (if needed)
http://support.microsoft.com/?id=283673

5. Reboot the computer.



Step 2: Secure Against Reinfection


1. After the reboot Go to Start\Search search, under Look In select
Local
Hard Drives.
Under "All or Part of the File Name" type in MSblast.exe and press
"Search"
Right Click and delete all instances of this file. (note: If you used
the
Symantec MsBlast removal tool you may not need to follow this step)

2. Install the following Patch from Microsoft to protect your computer
from
MSblast Worm/Virus and future variants:

This is the direct Download for the Windows XP Patch:
http://download.microsoft.com/downl...e-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe


This is the download link for all other Microsoft Operating Systems:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

RPC settings 2
Remote Procedure Call terminates 6
RPC 2
Remote Procedure Call (RPC) service is terminated Unexpectedly 8
XP RPC Error 16
RPC service terminates session 3
Windows XP shutdown 2
RPC Terminates 3

Top