RPC Vulnerability Question

[Jeff S.]

Forgive me if this has been asked before. I have had this happen a few times (the
crash!). After a few min. of searching I found the answer of what it was.

I restarted Kerio (Damn Kids!)
Downloaded MS Patch.
Updated antivirus, ran full scan and found nothing.
Downloaded VBS script from Doug Knox site. It says, it did not find W32Blaster.exe

My question is could something else be crashing my machine? Or does this worm infect
servers, and will it crash machines without infecting them.

 

[Knack]

The current worm results in an error message that reads something like "The
RPC Service is terminating unexpectedly. System will shut down in xx
seconds."

No, it does not crash machines without infecting them.

 

[Jeff S.]

Doug Knox MS-MVP Says

You may have one of the variants, or one of the similar
viruses. Double check your Antivirus definitions and make
sure they're updated. See if your AV software will run in
Safe Mode. Sometimes a virus/worm can hide itself from AV
software.

Checked again clean ran online scanner and still nothing. Posted this same question
on grc server this is the response I got.

"quote"
here's a snippet from the Symantec Virus notes It's possible for your
machine to crash without being infected. If you are running a firewall such
as ZoneAlarm turn off any trusted IP's or IP Ranges for a while and check
your logs. You should be able to see attacks on port 135

<paste>
a.. Due to the random nature of how the worm constructs the exploit data,
this may cause computers to crash if it sends incorrect data. This may
manifest as svchost.exe generating errors as a result of the incorrect data.
a.. While W32.Blaster.Worm cannot spread to the Windows NT or Windows 2003
server, unpatched computers running these operating systems may crash as a
result of the worm's attempts to exploit them. However, if the worm is
manually placed and executed on a computer running these operating systems,
it can run and spread
</paste>

"end quote"