Shutdown during update

[WIll]

I have tried several times to perform a standard UPDATE
for my Windows XP (not on a network)and at each attempt,
somewhere in the process I receive a notice advising me
that my system is about to shutdown, and that I have XX
seconds to save any unsaved information. (A timer then
ticks down through 60 seconds.)

The message announces the "shutdown is initiated by NT
Authority\System," due to a "Remote procedure call (RPC)
terminating unexpectedly."

I've updated in the past without a problem, but this
infuriating problem has come up in every attempt over the
last couple of days. Sometimes the shutdown occurs as
Microsoft is "scanning for updates," and sometimes it
happens minutes into the process of downloading updates.
It has also happened at other points between those two.

Repeated searches of the various databases using the
verbatim language of the message I get have revealed no
matches. The closest was a message apparently related to
a problem with a system administrator on a network.

Help would be greatly appreciated.

 

[Michael Solomon \(MS-MVP Windows Shell/User\)]

You appear to have the Blaster virus.
Follow this to get rid of Blaster:
http://www3.telus.net/dandemar/blaster.htm

 

[Guest]

I don't know how that would be possible, inasmuch as the
particular PC involved is connected to the internet only
and exclusively for updates, and I practice absurdly-safe
computer. But I appreciate the suggestion and I will
check and let you know.

 

[JAX]

If you have all the answers, why do you post a question?

JAX

 

[Michael Solomon \(MS-MVP Windows Shell/User\)]

It only takes a connection to the Internet for any purpose. If at any time
you've connected and the firewall, assuming you have a firewall, was ever
disabled or not turned on, that's all it takes...blaster seeks out this
vulnerability. We have examples up and down these boards of virtually the
same scenario you have mentioned.

 

[Michael Solomon \(MS-MVP Windows Shell/User\)]

LOL, really JAX, I think you should cut this guy a little slack. He did say
he appreciated the suggestion and that he'd check and let us know.

 

[Michael Solomon \(MS-MVP Windows Shell/User\)]

You are absolutely correct about my reply, JAX. I was having a little fun
with you and I very much appreciate your respect as well as your input on
these boards. And, I would only joke with you on such a basis if I did
respect you.

Sometimes people add their thoughts to a post as though they are thinking
out loud. Working these boards as long as I have I've learned to spot that.
I didn't think he was necessarily taking issue with my response so much as
providing additional information he appeared to think might have made a
difference which is one of the reasons why I added a further explanation.

I was concerned the OP might get scared off. Because this is a written
medium, we can't hear tone or see facial expression and that sometimes leads
to misunderstandings. I wanted to be sure he did come back. It's not so
important that I be right but if the issue is as I diagnosed, the OP and
others that are lurking who may never post learn something valuable for the
future and I consider that very important.

 

[Michael Solomon \(MS-MVP Windows Shell/User\)]

I understand, JAX, no problem and thank you for the kind words as well.

 

[David Nimon]

Then maybe you should read responses more carefully.

To me, the OP expressed surprise--not denial with what he replied.

Cut some people some slack. We're not perfect beings or we wouldn't be here
in the first place.

 

[JAX]

David, as you said, "we are not perfect beings". I took it as a "flippant"
answer to someone who was trying to help someone with a problem. Perhaps,
one of my imperfections is, I was taught to, at least, say thank you and not
offer an argumentative reply to, either my elders or, those who are more
knowledgeable than I. A question in response is acceptable, an argument is
not.

JAX

Then maybe you should read responses more carefully.

To me, the OP expressed surprise--not denial with what he replied.

Cut some people some slack. We're not perfect beings or we wouldn't be here
in the first place.



--
David Nimon
(e-mail address removed)

Thank you Michael. I follow your posts, and have learned a lot from you, as
well as the other "MVP's" and others whom I have come to recognize as being
well learned in a field that I am close to being, if not, a novice.

PC is something I enjoy and spend as much time as I can learning more about.
In my craft, I enjoy a certain reputation. It always annoys me, to no end,
when someone who is just starting out asks a question and comes up with a
reply such as, I interpreted, the response to your post.

JAX

much

as for
the

can.

Wh

en
someone, such as yourself, offers a suggestion, I think it should be taken
seriously. I took the reply as "fluffing you off". Maybe, it's just a
matter
of how I was raised. I don't think the OP actually read your reply and
understood what you said. It only takes a few seconds of being

on-line
to

get your computer infected. That is what I read from your reply to

the
OP.

 

[Guest]

Your computer is now infected with the W32.Blaster.Worm or
one of its variants. This happened because you have not
been using an internet connection firewall and have
apparently neglected to install the critical updates
available at the Windows Update website.
-----------------------------------------------------------
-------
If your computer is constantly attempting to shutdown
or reboot, quickly go to:

Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.

Then type: shutdown -a , and hit enter.

This should halt the rebooting problem.
-----------------------------------------------------------
-------
Then immediately turn-on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/
(To enable the built-in firewall, go to:
Control Panel, double-click Networking and Internet
Connections, then click Network Connections. Right-click
your connection, then
Click Properties, and on the Advanced tab, click the option
"Protect my computer and network..." Note: the built in
firewall only monitors incoming traffic not outgoing (ie
spyware, trojans, etc.. you may have on your system).)

Special note if you use AOL:
America Online installs its own connection settings that
override
the ones that come with Windows XP. America Online's
connection settings don't include a way to turn on Windows
XP's
built-in firewall.


What You Should Know About the Blaster Worm and Its
Variants
http://www.microsoft.com/security/incident/blast.asp

A tool is available to remove Blaster worm and Nachi worm
infections from computers
that are running Windows 2000 or Windows XP
http://support.microsoft.com/?kbid=833330

A security issue has been identified that could allow an
attacker to
remotely compromise a computer running Microsoft Windows
and
gain complete control over it. You can help protect your
computer
by installing this update from Microsoft.
http://www.microsoft.com/downloads/details.aspx?
FamilyId=2354406C-C5B6-44AC-9532-
3DE40F69C074&displaylang=en

Above courtesy of MVP Carey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

***Install a good firewall. ZoneAlarm is a free one you
can install.
Install a good anti-virus program making sure you keep
it's definitions up to date! ***
- - - - - - - - - - - - -
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32
..welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm
..removal.tool.html

 

[Will]

Blaster, it was. And while I still can't wrap my mind
around how that would happen, I hasten to confess there
are lots of things I have trouble wrapping my mind around
(Schwarzegger is GOVERNOR?)

As this particlar PC was connected to the Internet only a
a monthly basis via a dial-up used exclusively for the
purpose of obtaining Microsoft updates, I didn't realize
there was any risk whatsoever. Never used it to visit
another website, or to check e-mail, or to download
anything other than updates. Floppies never touch it, and
I thought the only virus risk I faced would have to be the
result of Immaculate Conception.

Yet another lesson learned, surely just the first of the
day. Save for the grumpy flamer blowing my expressions of
surprise grossly out of proportion, thanks for the help.

w

 

[Michael Solomon \(MS-MVP Windows Shell/User\)]

You're welcome.

Unfortunately, blaster uses a security hole, one for which there is an
available patch, to enter a system. Hence, you only need to be connected to
the Internet for infection to occur. A firewall usually closes the ports
blaster attacks or at the very least will alert you to an unauthorized
intrusion.

Since these things can be changed as the hackers modify their approach or
approach they use, it's important to stay up to date with security updates
even with a system that only connects as you describe. Further, because of
the evolutionary aspect, it's important to have a firewall as well in case
your system is attacked before a security patch is available. This also
points up the need to run a virus scan on your system at least once a week
and at the first sign of issues such as you describe. The antivirus
software may not have received an update in time to protect you either but
it might pick up unusual activity and alert you to the issue and possibly
even the offending file or files as a potential virus.

 

[Will]

Perhaps I should post this under a new subject heading -
firewalls - because you prompt another question on that
subject. I've avoided a firewall largely because of the
howls of frustration I hear from those who maintain that
employing one has added to the simplest processes a
torturous, annoying new series of hurdles to be
accomplished.

Again, I rush to acknowledge aloud that I know NOTHING
about them first-hand. But among doofuses on the street,
and I may know more doofuses than many, firewalls for
personal PC use seem to have a reputation only slightly
better than food poisoning. Would you attribute this to
user incompetence, or perhaps to a plethora of cumbersome
firewall products? Is there a product, or type of
product, that you believe overcomes the complaints, or
would you concur with the complaints while maintaining
that the risk is so great that the need for protection far
outweighs the inconvenience.

 

[Michael Solomon \(MS-MVP Windows Shell/User\)]

Upon first install of a firewall, you will receive a series of notices about
things trying to access the Internet of which you will have to answer yes or
no. Most of them are system level items that relate to Windows Update,
assuming you have automatic update turned on as well as any other
application that might be set to routinely check for updates.

Once the firewall is "trained," you will rarely hear from it especially on a
system such as you describe.

The alternative is leaving yourself open to the kind of virus attack to
which you've already succumbed.

There are free versions of most firewalls available. Sygate Personal
Firewall is one of them and it's very light on the system:
www.sygate.com

 

[Guest]

Thank you for all your time.

 

[Michael Solomon \(MS-MVP Windows Shell/User\)]

You're welcome.