trouble with remote procedure call



using the internet in windows xp normal mode causes
remote procedure call (iis) to shut down(restart the
computer) should i disable remote procedure call, and if
so how?

Carey Frisch [MVP]

There are thousands of nasty computer viruses/worms looking for unprotected
computers. Your computer can be infected within a few milliseconds the moment
an internet connection is established if your computer is not properly secured.

Apparently, your computer is now infected with the W32.Blaster.Worm or one of its variants.
This happened because you have not been using an internet connection firewall and have
apparently neglected to install the critical updates available at the Windows Update website.


If your computer is constantly attempting to shutdown
or reboot, quickly go to:

Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.

Then type: shutdown -a , and hit enter.

This should halt the rebooting problem.


Then immediately turn-on Windows XP's built-in Firewall:

What You Should Know About the Blaster Worm and Its Variants

A tool is available to remove Blaster worm and Nachi worm infections from computers
that are running Windows 2000 or Windows XP

A security issue has been identified that could allow an attacker to
remotely compromise a computer running Microsoft Windows and
gain complete control over it. You can help protect your computer
by installing this update from Microsoft.

Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!


| using the internet in windows xp normal mode causes
| remote procedure call (iis) to shut down(restart the
| computer) should i disable remote procedure call, and if
| so how?

Rick \Nutcase\ Rogers

Hi Paul,

When the shutdown warning appears, click start/run and enter "shutdown -a"
to halt the process. It's a virus called blaster or lovesan. Information:

You need the patch described here to protect against it:

MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious

Problem is, you needed to install the patch BEFORE you got infected to avoid

Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone

Bruce Chambers

Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39

What You Should Know About the Blaster Worm

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm

W32.Blaster.Worm Removal Tool

W32.Welchia.Worm a.k.a. W32/Nachi.Worm

W32.Welchia.Worm Removal Tool

McAfee AVERT Stinger

Bruce Chambers
Help us help you:

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question