Shutdown problem w/Internet Explorer

K

Keith

I'm posting this for a friend since he is having the
problem detailed below...

He is using Internet Explorer 6.0 on Windows XP.

After opening Internet Explorer (and connecting to the
internet), there is a pause of approximately 1 minute and
he receives the first message:
"Generic host process for Win32 has encountered a problem
and needs to close."

Less than 1 minute later, he received this message:
"This program is shutting down. Please save all work in
progress and log off. Any unsaved changes will be lost.
This shutdown was initiated by NT Authority. Remote
Procedure Call (RPC) was terminated."
And it gives a countdown from 1 miinute before shutting
down the entire system.

Any ideas would be greatly appreciated.

Thanks in advance.
 
F

Frank Saunders, MS-MVP

Keith said:
I'm posting this for a friend since he is having the
problem detailed below...

He is using Internet Explorer 6.0 on Windows XP.

After opening Internet Explorer (and connecting to the
internet), there is a pause of approximately 1 minute and
he receives the first message:
"Generic host process for Win32 has encountered a problem
and needs to close."

Less than 1 minute later, he received this message:
"This program is shutting down. Please save all work in
progress and log off. Any unsaved changes will be lost.
This shutdown was initiated by NT Authority. Remote
Procedure Call (RPC) was terminated."
And it gives a countdown from 1 miinute before shutting
down the entire system.

Any ideas would be greatly appreciated.

Thanks in advance.
Click to expand...

You've got the newest virus. The attachment is a zipped copy of a script to
disinfect your machine.

Information:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
Microsoft Security Bulletin MS03-026:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp?frame=true
MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980
Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
http://securityresponse.symantec.com/avcenter/security/Content/8205.htm
To clean it up:
http://www.bigblackglasses.com/Article.aspx?Article=342
 
P

PA Bear

Download and save the VBS file Frank posted. Take a copy of it with you to
the problem machine.

To stop the reboots: Go to Start/Run and type in: services.msc. Scroll down
to Remote Procedure Call (RPC)/Logon/First Failure/Restart the Service.

Place a copy of the VBS file on the Desktop of the problem machine. Close
all running processes or reboot into Safe Mode then double-click on the VBS
file. You will be prompted when the script is done.

Important: Download up-to-date definitions for your anti-virus application
and run a full system scan before doing the following.

Download the MS patch from here http://tinyurl.com/ir5h and install it.
(NB: This is a link to download the patch. You may save it as you did the
VBS file.)

More: http://www.kellys-korner-xp.com/xp_qr.htm#rpc (both the VBS and EXE
files may be downloaded here)
--
HTH...Please post back to this thread

~Robear Dyer (aka PA Bear)
MS MVP-Windows (IE/OE)
http://mvp.support.microsoft.com
 
R

Robert Aldwinckle

[X-Newsreader: Microsoft CDO for Windows 2000]
The attachment is a zipped copy of a script to disinfect your machine.
Click to expand...

Web interface user, Frank. They will have to launch your Message-ID
in an OE window to see the attachment.

By including your Message-ID in this reply I actually give them
enough information to get it themselves but for their convenience
have also created an explicit NNTP URL out of it.

nntp://msnews.microsoft.com/microsoft.public.windows.inetexplorer.ie6.browser/[email protected]

To use it they can copy it to their IE Address bar and press Enter.


HTH

Robert Aldwinckle
 
F

Frank Saunders, MS-MVP

Robert Aldwinckle said:
[X-Newsreader: Microsoft CDO for Windows 2000]
Click to expand...
The attachment is a zipped copy of a script to disinfect your
machine.
Click to expand...

Web interface user, Frank. They will have to launch your Message-ID
in an OE window to see the attachment.

By including your Message-ID in this reply I actually give them
enough information to get it themselves but for their convenience
have also created an explicit NNTP URL out of it.

nntp://msnews.microsoft.com/microsoft.public.windows.inetexplorer.ie6.browser/[email protected]

To use it they can copy it to their IE Address bar and press Enter.


HTH

Robert Aldwinckle
---


Frank Saunders said:
You've got the newest virus. The attachment is a zipped copy of a
script to disinfect your machine.

Information:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
Microsoft Security Bulletin MS03-026:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp?frame=true
MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980
Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
http://securityresponse.symantec.com/avcenter/security/Content/8205.htm
To clean it up:
http://www.bigblackglasses.com/Article.aspx?Article=342
Click to expand...
Click to expand...

The last article has a link to the script and I'n now also posting a direct
link to the script.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Automatic Shutdown 3
system shutdown 1
Error Message 1
System auto shutdown 1
.NET update and virus-like symptoms? 6
Microsoft .NET Framework update leads to virus-like symptoms? 1
Microsoft .NET Famework 2
Shutdown Initiated by NT Authority/System 3

Top