trouble with remote procedure call

P

paul

using the internet in windows xp normal mode causes
remote procedure call (iis) to shut down(restart the
computer) should i disable remote procedure call, and if
so how?
 
C

Carey Frisch [MVP]

There are thousands of nasty computer viruses/worms looking for unprotected
computers. Your computer can be infected within a few milliseconds the moment
an internet connection is established if your computer is not properly secured.

Apparently, your computer is now infected with the W32.Blaster.Worm or one of its variants.
This happened because you have not been using an internet connection firewall and have
apparently neglected to install the critical updates available at the Windows Update website.

------------------------------------------------------------------

If your computer is constantly attempting to shutdown
or reboot, quickly go to:

Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.

Then type: shutdown -a , and hit enter.

This should halt the rebooting problem.

------------------------------------------------------------------

Then immediately turn-on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/

What You Should Know About the Blaster Worm and Its Variants
http://www.microsoft.com/security/incident/blast.asp

A tool is available to remove Blaster worm and Nachi worm infections from computers
that are running Windows 2000 or Windows XP
http://support.microsoft.com/?kbid=833330

A security issue has been identified that could allow an attacker to
remotely compromise a computer running Microsoft Windows and
gain complete control over it. You can help protect your computer
by installing this update from Microsoft.
http://www.microsoft.com/downloads/...6C-C5B6-44AC-9532-3DE40F69C074&displaylang=en

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

----------------------------------------------------------------------


| using the internet in windows xp normal mode causes
| remote procedure call (iis) to shut down(restart the
| computer) should i disable remote procedure call, and if
| so how?
 
R

Rick \Nutcase\ Rogers

Hi Paul,

When the shutdown warning appears, click start/run and enter "shutdown -a"
to halt the process. It's a virus called blaster or lovesan. Information:

http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.pchell.com/virus/msblast.shtml
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342

You need the patch described here to protect against it:

MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146

Problem is, you needed to install the patch BEFORE you got infected to avoid
it.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone
 
B

Bruce Chambers

Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top