RPC

C

Cad

I have recently (Christmas) upgraded to XP. When I log
onto the web, I get a pop-up tellimg me the system will
be shutting down in 60 seconds. The pop-up is from the NT
AUTHORITY/SYSTEM and is due to a Remote Procedure Call
unexpectedly terminating.

Can anyone help me with how to stop this?

Thanks.

Cad
(e-mail address removed)
 
T

Taurarian

http://www.microsoft.com/security/incident/blast_faq.asp

Blaster Worm FAQ
Sounds like the Blaster Worm.

1. CTRL-ALT-DELETE to bring up the Task Manager. Look for msblast.exe and select
it and End Process. This will stop the computer from shutting down.
It doesn't remove the worm.

To enable your firewall :
- Click Start
- Click Control Panel
- Double Click "Network Connections"
- Right-click on your Dial up Connection, then left click 'Properties'
- Left Click 'Advanced' Under "Internet Connection Firewall" tick the box
'Protect my computer and networking by limiting or preventing access to this
computer from the internet'
- Click Ok and Close the "network connections" box.
You can then connect to the Internet and download the Microsoft relevant patch.

You could also try:
Click Start/Run then type in cmd
and then type in : shutdown -a
Do this when the shutdown prompt appears.

2. You can download the Symantec Removal Tool from here
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
or you can visit this site to assist in the removal of the worm
http://www3.ca.com/virusinfo/virus.aspx?ID=36265
To download ClnPoza.zip - a utility that cleans a local machine affected by
Win32.Poza,
or this site for assistance: http://www.kellys-korner-xp.com/xp_qr.htm#rpc
 
B

Bruce Chambers

Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

NT Authority/System RPC Issue! XP keeps shutting down 4
Windows xp "System Shutdown" message 3
xp system shutdown suddenly happens 2
NT Authority System Shutdown 1
System shutdown due to RPC terminating?!? 1
Remote Procedure Call (RPC) service is terminated Unexpectedly 8
Help 2
new pc problems 1

Top