XP Professional

David Gower · Mar 18, 2004

Workstaion will shutdown randomaly with error saying that
the RPC Service is unexpectedly termnated. This was after
2 viruses files were found. The files effected were
cxaaq.exe (w32.sdbot.worm.gen.b virus) srvhost.exe (proxy-
FBSR.gen virus) and regsvc32.exe was (w32.sdbot.worm.gen.b
virus).

The symptoms appeared at the same time the viruses did.
The only way I could clean the viruses is to delete the
files, I cannot find those files on anyother WinXP
installation. The problem still exsists. Can anyone
please assist.

David Gower
Systems Engineer
VMASC Old Dominion University

JWooden271 · Mar 18, 2004

Your computer could be infected with the Baster worm.

For information about Blaster (patches and removal tools available) see:
http://www.microsoft.com/security/incident/blast.asp

Bruce Chambers · Mar 19, 2004

Greetings --

It sounds as if you've been collecting worms.

If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB824146 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger

Bruce Chambers
--
Help us help you:

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

LSASS.EXE Terminated Unexpectedely Code 1073741819	15	Dec 26, 2005
Win XP RPC Service Failure Reboot Rant Help - the story of a ruined weekend!	9	Apr 26, 2004
FWT Newsletter - Weekly - February 16, 2004	2	Feb 16, 2004
I think I have been hijacked.	3	May 26, 2008
Help! Explorer.exe crashing due to fault in shell32.dll.	9	Jul 3, 2004
virus/spyware found (i did, not the program) error sending report	2	Apr 28, 2005
SOS Uploads Mothers' Day 2004	7	May 9, 2004
WTD: Nvidia Videocard for 4x AGP Slot	0	May 29, 2008

XP Professional

David Gower

JWooden271

Bruce Chambers

Ask a Question

Similar Threads