XP RPC Error

  • Thread starter Thread starter Kevin
  • Start date Start date
K

Kevin

My windows XP shuts down with an error that says " RPC
ERROR windows will terminate unexpectedly. And the
computer shuts down within 60 seconds. Any ideas thanks in
advance
 
I can't imagine how any one that uses a computer still doesn't know about
this as it was in all the papers, tv news, radio news, internet news....
etc.. for months.



Always run a firewall and anti-virus programs on your computer at all times.
And visit window supdate regularly.



You are infected with the Blaster worm virus.



To stop the rebooting/shutdowns, right click on the task bar, choose task
manager, processes tab, look for msblast.exe. Highlight it and click end
process. Then turn on the xp firewall.

To turn on the firewall: control panel, network and internet connections,
network connections, right click your connection, properties, advanced tab,
check the protect my computer box. Do this as quickly as you can once the
desktop comes up. Then visit the sites below for the removal and patch info.

Symantec: removal info and removal tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Also make sure to follow the links to the Microsoft pages for the patch or
visit windows update for the patch after you remove it.

http://support.microsoft.com/?kbid=823980

http://www.microsoft.com/security/incident/blast.asp
 
Kevin said:
My windows XP shuts down with an error that says " RPC
ERROR windows will terminate unexpectedly. And the
computer shuts down within 60 seconds. Any ideas thanks in
advance
Click to expand...

A search in this NG or Google would have told you that you have the Blaster
Virus.

To stop the countdown after it has started Click Start | Run | type
"shutdown -a" (no quotes)
This will stop the countdown timer.

Then to stop the RPC error so it doesn't interupt you while your making
repairs:
Start | Run | services.msc /s
Scroll down to "Remote Proceedure Call (RPC)" NOT (RPC) Locator
Right click and select properties
Under the "Recovery" Tab change all failures from "Restart the Computer" to
"Restart the Service"
This will keep the RPC from coming up.

Disable msblast.exe in task manager.
Ctrl+Alt+Del | Processes | Right click msblast.exe and click "End Process"

Download the Blaster Security Patch at:
http://www.microsoft.com/security/incident/blast.asp

Download AdAware & Spybot S & D:
AdAware:
www.lavasoftusa.com/software/adaware/
Spybot S & D:
www.safer-networking.org/

Disconnect from the internet

Run AdAware & Spybot
Run the Security Patch you downloaed earlier.

Make sure you have a firewall and AV software enabled and updated.
As long as you downloded and ran the patch above Blaster shouldn't come back
but there are plenty of others that can find your computer in minutes.

Change the RPC back to "Restart the Computer" the same as you did above.

Reconnect to the Internet and download the rest of the Microsoft Update
Security Patches.
 
Your computer is now infected with the W32.Blaster.Worm or
one of its variants. This happened because you have not
been using an internet connection firewall and have
apparently neglected to install the critical updates
available at the Windows Update website.
-----------------------------------------------------------
-------
If your computer is constantly attempting to shutdown
or reboot, quickly go to:

Start > Run and type: CMD , and hit enter.
This opens the Command Prompt window.

Then type: shutdown -a , and hit enter.

This should halt the rebooting problem.
-----------------------------------------------------------
-------
Then immediately turn-on Windows XP's built-in Firewall:
http://www.microsoft.com/security/protect/
(To enable the built-in firewall, go to:
Control Panel, double-click Networking and Internet
Connections, then click Network Connections. Right-click
your connection, then
Click Properties, and on the Advanced tab, click the option
"Protect my computer and network..." Note: the built in
firewall only monitors incoming traffic not outgoing (ie
spyware, trojans, etc.. you may have on your system).)

Special note if you use AOL:
America Online installs its own connection settings that
override
the ones that come with Windows XP. America Online's
connection settings don't include a way to turn on Windows
XP's
built-in firewall.


What You Should Know About the Blaster Worm and Its
Variants
http://www.microsoft.com/security/incident/blast.asp

A tool is available to remove Blaster worm and Nachi worm
infections from computers
that are running Windows 2000 or Windows XP
http://support.microsoft.com/?kbid=833330

A security issue has been identified that could allow an
attacker to
remotely compromise a computer running Microsoft Windows
and
gain complete control over it. You can help protect your
computer
by installing this update from Microsoft.
http://www.microsoft.com/downloads/details.aspx?
FamilyId=2354406C-C5B6-44AC-9532-
3DE40F69C074&displaylang=en

Above courtesy of MVP Carey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

***Install a good firewall. ZoneAlarm is a free one you
can install.
Install a good anti-virus program making sure you keep
it's definitions up to date! ***
- - - - - - - - - - - - -
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32
..welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm
..removal.tool.html
 
Wojo,

What good is Spybot S&D and Ad-aware going to do for a Blaster worm
infection?

You also mention the security patch but nothing about removing the
infection. The patch alone will not remove the worm.

Maybe you should think about re-writing your copy-paste thingie.

Steve
 
They aren't.
But if you have blaster you may, and probably do, have other issues as well.
Why not clean up everything while your disconnected from the internet?
But your right about removal of blaster I originally had the MS link in
there, I'll have to fix it again.
Thanks for the input
 
Ok, I understand. And you're welcome. However I would attack the biggie
problem first and then go after the spyware miscreants later if only
because the spyware scans can take an awfully long time on some machines.

Steve
 
Actually I thought about that after you posted.
I'm stll going to recommend them but at the end and stating exactly what you
just said.
Your riht they do take a long time but generaly worth the effort I'd say.
Read it next time I post it, I think you'll like it better :-)
 
Well, if the folks who allowed themselves to get blastola in the first
place could read and comprehend then when they go to the M$ link you
gave about blaster and actually READ what the page has to say they'd
figure it out and know what to do anyway, wouldn't they? Unfortunately
that's not likely to happen, is it? :)

Gotta spell it out in simple terms for some people I reckon.

Steve
 
well if that were to happen then those same folks coulda/woulda/shoulda
searched the NG or google for the answer before asking and would find
millions of hits and wouldn't even have to ask. :)
 
Or they'd run away with ears plugged screaming
"TMI! La-la-la-la-la-la-la-la-la...

Sorry, that's what my wife does when I try to explain computer stuff to
her ;)

Steve
 
Please update your information it is OLD and out-of-date!

KB823980 was SUPERCEDED by the patch for the RPC/RPCSS Buffer Overflow Vulnerability that is
addressed by Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146 - KB824146

KB824146 has very recently been superceded by KB828741
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

So for Nachi/Welchia and Lovsan/Blaster worms, KB828741 is NOW needed to fix all RPC/RPCSS
DCOM Vulnerabilities.

Dave




| I can't imagine how any one that uses a computer still doesn't know about
| this as it was in all the papers, tv news, radio news, internet news....
| etc.. for months.
|
|
|
| Always run a firewall and anti-virus programs on your computer at all times.
| And visit window supdate regularly.
|
|
|
| You are infected with the Blaster worm virus.
|
|
|
| To stop the rebooting/shutdowns, right click on the task bar, choose task
| manager, processes tab, look for msblast.exe. Highlight it and click end
| process. Then turn on the xp firewall.
|
| To turn on the firewall: control panel, network and internet connections,
| network connections, right click your connection, properties, advanced tab,
| check the protect my computer box. Do this as quickly as you can once the
| desktop comes up. Then visit the sites below for the removal and patch info.
|
| Symantec: removal info and removal tool
| http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
|
| Also make sure to follow the links to the Microsoft pages for the patch or
| visit windows update for the patch after you remove it.
|
| http://support.microsoft.com/?kbid=823980
|
| http://www.microsoft.com/security/incident/blast.asp
|
|
|
| Kevin wrote:
| > My windows XP shuts down with an error that says " RPC
| > ERROR windows will terminate unexpectedly. And the
| > computer shuts down within 60 seconds. Any ideas thanks in
| > advance
|
|
 
Please don NOT regurgitate another's reply. the information you supplied is OLD and
out-of-date!

Please update your information it is OLD and out-of-date!

KB823980 was SUPERCEDED by the patch for the RPC/RPCSS Buffer Overflow Vulnerability that is
addressed by Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146 - KB824146

KB824146 has very recently been superceded by KB828741
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

So for Nachi/Welchia and Lovsan/Blaster worms, KB828741 is NOW needed to fix all RPC/RPCSS
DCOM Vulnerabilities.

Dave




| Your computer is now infected with the W32.Blaster.Worm or
| one of its variants. This happened because you have not
| been using an internet connection firewall and have
| apparently neglected to install the critical updates
| available at the Windows Update website.
| -----------------------------------------------------------
| -------
| If your computer is constantly attempting to shutdown
| or reboot, quickly go to:
|
| Start > Run and type: CMD , and hit enter.
| This opens the Command Prompt window.
|
| Then type: shutdown -a , and hit enter.
|
| This should halt the rebooting problem.
| -----------------------------------------------------------
| -------
| Then immediately turn-on Windows XP's built-in Firewall:
| http://www.microsoft.com/security/protect/
| (To enable the built-in firewall, go to:
| Control Panel, double-click Networking and Internet
| Connections, then click Network Connections. Right-click
| your connection, then
| Click Properties, and on the Advanced tab, click the option
| "Protect my computer and network..." Note: the built in
| firewall only monitors incoming traffic not outgoing (ie
| spyware, trojans, etc.. you may have on your system).)
|
| Special note if you use AOL:
| America Online installs its own connection settings that
| override
| the ones that come with Windows XP. America Online's
| connection settings don't include a way to turn on Windows
| XP's
| built-in firewall.
|
|
| What You Should Know About the Blaster Worm and Its
| Variants
| http://www.microsoft.com/security/incident/blast.asp
|
| A tool is available to remove Blaster worm and Nachi worm
| infections from computers
| that are running Windows 2000 or Windows XP
| http://support.microsoft.com/?kbid=833330
|
| A security issue has been identified that could allow an
| attacker to
| remotely compromise a computer running Microsoft Windows
| and
| gain complete control over it. You can help protect your
| computer
| by installing this update from Microsoft.
| http://www.microsoft.com/downloads/details.aspx?
| FamilyId=2354406C-C5B6-44AC-9532-
| 3DE40F69C074&displaylang=en
|
| Above courtesy of MVP Carey
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
| ***Install a good firewall. ZoneAlarm is a free one you
| can install.
| Install a good anti-virus program making sure you keep
| it's definitions up to date! ***
| - - - - - - - - - - - - -
| Microsoft Security Bulletin MS03-39
| http://support.microsoft.com/?kbid=824146
|
| What You Should Know About the Blaster Worm
| http://www.microsoft.com/security/incident/blast.asp
|
| Protect Your PC
| http://www.microsoft.com/security/protect/default.asp
|
| W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
| http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
| .html
|
| W32.Blaster.Worm Removal Tool
| http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
| .removal.tool.html
|
| W32.Welchia.Worm a.k.a. W32/Nachi.Worm
| http://securityresponse.symantec.com/avcenter/venc/data/w32
| .welchia.worm.html
|
| W32.Welchia.Worm Removal Tool
| http://www.symantec.com/avcenter/venc/data/w32.welchia.worm
| .removal.tool.html
|
| >-----Original Message-----
| >My windows XP shuts down with an error that says " RPC
| >ERROR windows will terminate unexpectedly. And the
| >computer shuts down within 60 seconds. Any ideas thanks
| in
| >advance
| >.
| >
 
Phil (purplehaz), after spending 3 minutes figuring out which end of the pen to
use said:
I can't imagine how any one that uses a computer still doesn't know about
this as it was in all the papers, tv news, radio news, internet news....
etc.. for months.
Click to expand...

Define "all". No, it was not in "all" the news, or "all" the papers, or "all"
radio stations ad nauseum. Then you also haven't considered all the people who
at the time didn't own a computer and therefore at the time didn't pay
attention to something like this that may have had a half-paragraph mention on
page 6. You didn't consider the people who are tired of 'watching' the news,
since it's become so slandered and biased in one way or another, that it isn't
worth the electricity to turn it on.
Hmmm...you just didn't 'consider' much at all.

<snip>

Joh N.
 
Ya, ya, I know. If the person just follows the ms link they'll get
everything they need. I would hope any newbie who gets this virus would
start at the ms link. I'll update when I get a chance.
 
lol, yeah mine tends to do the same

Steve Nielsen said:
Or they'd run away with ears plugged screaming
"TMI! La-la-la-la-la-la-la-la-la...

Sorry, that's what my wife does when I try to explain computer stuff to
her ;)

Steve
Click to expand...
 
Joh said:
Phil (purplehaz), after spending 3 minutes figuring out which end of


Define "all". No, it was not in "all" the news, or "all" the
papers, or "all" radio stations ad nauseum. Then you also haven't
considered all the people who at the time didn't own a computer and
therefore at the time didn't pay attention to something like this
that may have had a half-paragraph mention on page 6. You didn't
consider the people who are tired of 'watching' the news, since it's
become so slandered and biased in one way or another, that it isn't
worth the electricity to turn it on. Hmmm...you just didn't
'consider' much at all.
Click to expand...

First of all the news was everywhere. You would have had to been living in a
cave to not have heard about it. My mother who never even used a computer
knew about it. There's no excuse to not know if your gonna buy a computer.
But what I do know is that a computer is a tool, not a toy. When you spend
hundreds or thousands of dollars on a tool you better dam well learn how to
use it, and this includes security of the computer and your internet
connection. If you can't take the time to learn to use it correctly, then
don't buy one. Again it not a toy, it's an expensive piece of equipment. If
people only took the time to do some research or even went to the MS website
they know about these viruses. It's that simple to find out. When you buy a
computer learn how to secure it and use it properly. No excuses IMO.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

RPC Terminated Unexpectedly 3
Remote Procedure Call (RPC) service is terminated Unexpectedly 8
remote procedure call (RPC) terminated 2
RPC 3
RPC service terminated message 9
RPC Terminates 3
Rpc terminated unexpectedly! 3
Windows XP terminated 8

Back
Top