RPC shut down

Discussion in 'Computer Support' started by Vittorio Bellini, Aug 19, 2003.

  1. After I turn on my computer and start surfing the net, a
    few minutes later a meessage comes up saying that 'the
    computer will shutdown, this was initiated by the NT
    Authority\System', underneath there is a timer which
    starts at 60sec when it reaches 0 it shuts the computer
    down, below the timer it says that 'this is because of
    the remote procedure call was incorrectly terminated'

    I'm running on WinXP which confuses me more about the NT
    message and its a stand alone computer, not connected to
    any network.This only happens when I'm connected to the
    internet. It is not a virus as I have scanned my drives
    several times.
    Any Help would be appreciated.
     
    Vittorio Bellini, Aug 19, 2003
    #1
    1. Advertising

  2. In article <bht79k$2sslu$-berlin.de>,
    splurted...
    > After I turn on my computer and start surfing the net, a
    > few minutes later a meessage comes up saying that 'the
    > computer will shutdown, this was initiated by the NT
    > Authority\System', underneath there is a timer which
    > starts at 60sec when it reaches 0 it shuts the computer
    > down, below the timer it says that 'this is because of
    > the remote procedure call was incorrectly terminated'
    >
    > I'm running on WinXP which confuses me more about the NT
    > message and its a stand alone computer, not connected to
    > any network.This only happens when I'm connected to the
    > internet. It is not a virus as I have scanned my drives
    > several times.
    > Any Help would be appreciated.
    >
    >
    >


    yes it is a virus. check on the symantec site for msblaster

    www.sarc.com
    --
    Mike
     
    Michael Thompson, Aug 19, 2003
    #2
    1. Advertising

  3. Vittorio Bellini

    °Mike° Guest

    Boot into Safe Mode and start your registry editor:
    Start / Run / regedit

    Navigate to:
    HKEY_LOCAL_MACHINE
    +Software
    +Microsoft
    +Windows
    +CurrentVersion
    +Run

    In the right-hand pane, look for an entry that includes MSBLAST.EXE
    and DELETE it.

    You just disabled the worm from running at startup, so boot into
    normal mode again, and turn off ALL system restores to purge
    your system.

    Open Windows Explorer to the ..\Windows\System32\ or
    ...\WinNT\System32\ folder and DELTETE the file MSBLAST.EXE

    Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
    and find the reference to the MSBLAST file (it will be similar to:
    MSBLAST.EXE-<alphanumerics>.PF), and DELETE it.

    Now you can download and install the patch, configure your
    firewall and update your virus scanner.

    Microsoft Security Bulletin MS03-026
    http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

    What you should know about the Blaster worm
    http://www.microsoft.com/security/incident/blast.asp

    Windows RPC DCOM Buffer Overflow Remote Exploit (MS03-026)
    http://www.k-otik.com/exploits/07.25.winrpcdcom.c.php

    How to Use The KB 823980 Scanning Tool to Identify Host Computers
    That Do Not Have The 823980 Security Patch (MS03-026) Installed
    http://support.microsoft.com/search/preview.aspx?id=kb;en-us;826369

    W32.Blaster.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    W32.Blaster.B.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html

    W32.Blaster.C.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html

    W32.Blaster.Worm Removal Tool
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html


    On Tue, 19 Aug 2003 09:04:50 -0400, in
    <bht79k$2sslu$-berlin.de>
    Vittorio Bellini scrawled:

    >After I turn on my computer and start surfing the net, a
    >few minutes later a meessage comes up saying that 'the
    >computer will shutdown, this was initiated by the NT
    >Authority\System', underneath there is a timer which
    >starts at 60sec when it reaches 0 it shuts the computer
    >down, below the timer it says that 'this is because of
    >the remote procedure call was incorrectly terminated'
    >
    >I'm running on WinXP which confuses me more about the NT
    >message and its a stand alone computer, not connected to
    >any network.This only happens when I'm connected to the
    >internet. It is not a virus as I have scanned my drives
    >several times.
    >Any Help would be appreciated.
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Aug 19, 2003
    #3
  4. Vittorio Bellini

    Boomer Guest

    Vittorio Bellini said:

    > After I turn on my computer and start surfing the net, a
    > few minutes later a meessage comes up saying that 'the
    > computer will shutdown, this was initiated by the NT
    > Authority\System', underneath there is a timer which
    > starts at 60sec when it reaches 0 it shuts the computer
    > down, below the timer it says that 'this is because of
    > the remote procedure call was incorrectly terminated'
    >
    > I'm running on WinXP which confuses me more about the NT
    > message and its a stand alone computer, not connected to
    > any network.This only happens when I'm connected to the
    > internet. It is not a virus as I have scanned my drives
    > several times.


    Its a wrom that most of the world has heard about. TV, radio,
    newspapers, internet, newsgroups.

    Microsoft Knowledge Base Article - 823980
    MS03-026: Buffer Overrun in RPC May Allow Code
    Execution

    http://support.microsoft.com/?kbid=823980

    > Any Help would be appreciated.


    Is your antivirus up to date?

    --
    <boggles>
     
    Boomer, Aug 19, 2003
    #4
  5. I've got the same symptoms as the original poster but cannot find any trace
    of the worm!
    Have followed all "Mike's" instructions and even downloaded and run the
    removal tool for "W32.Blaster.Worm" & another similar worm called
    "W32.Welchia" - results negative. Have searched regedit and no signs of
    entries from either worm.
    Actually after the timer has run out on the rpc shut down screen my pc does
    not restart but just displays a blank I.E. page. The Address is "
    http://adl.zendmedia.com/ad.rpc.php?id=ad101". I cannot get rid of this page
    no matter how I try except by rebooting. (have managed to block this address
    now).
    Problem now is every time I boot the pc I'm told there are new security
    updates dowloaded that need installing. I Instal but get the same message
    every time I switch pc on. Numbers are always the same i.e. 823559 & 817606.
    I'm told they have been installed succesfully but next time I boot they are
    there again waiting to be installed????
    Could this be connected somehow?
    Thanks in Anticipation for any help you can give
    Fred.
    "°Mike°" <> wrote in message
    news:...
    > Boot into Safe Mode and start your registry editor:
    > Start / Run / regedit
    >
    > Navigate to:
    > HKEY_LOCAL_MACHINE
    > +Software
    > +Microsoft
    > +Windows
    > +CurrentVersion
    > +Run
    >
    > In the right-hand pane, look for an entry that includes MSBLAST.EXE
    > and DELETE it.
    >
    > You just disabled the worm from running at startup, so boot into
    > normal mode again, and turn off ALL system restores to purge
    > your system.
    >
    > Open Windows Explorer to the ..\Windows\System32\ or
    > ..\WinNT\System32\ folder and DELTETE the file MSBLAST.EXE
    >
    > Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
    > and find the reference to the MSBLAST file (it will be similar to:
    > MSBLAST.EXE-<alphanumerics>.PF), and DELETE it.
    >
    > Now you can download and install the patch, configure your
    > firewall and update your virus scanner.
    >
    > Microsoft Security Bulletin MS03-026
    > http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
    >
    > What you should know about the Blaster worm
    > http://www.microsoft.com/security/incident/blast.asp
    >
    > Windows RPC DCOM Buffer Overflow Remote Exploit (MS03-026)
    > http://www.k-otik.com/exploits/07.25.winrpcdcom.c.php
    >
    > How to Use The KB 823980 Scanning Tool to Identify Host Computers
    > That Do Not Have The 823980 Security Patch (MS03-026) Installed
    > http://support.microsoft.com/search/preview.aspx?id=kb;en-us;826369
    >
    > W32.Blaster.Worm
    > http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
    >
    > W32.Blaster.B.Worm
    > http://www.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html
    >
    > W32.Blaster.C.Worm
    > http://www.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html
    >
    > W32.Blaster.Worm Removal Tool
    >

    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
    >
    >
    > On Tue, 19 Aug 2003 09:04:50 -0400, in
    > <bht79k$2sslu$-berlin.de>
    > Vittorio Bellini scrawled:
    >
    > >After I turn on my computer and start surfing the net, a
    > >few minutes later a meessage comes up saying that 'the
    > >computer will shutdown, this was initiated by the NT
    > >Authority\System', underneath there is a timer which
    > >starts at 60sec when it reaches 0 it shuts the computer
    > >down, below the timer it says that 'this is because of
    > >the remote procedure call was incorrectly terminated'
    > >
    > >I'm running on WinXP which confuses me more about the NT
    > >message and its a stand alone computer, not connected to
    > >any network.This only happens when I'm connected to the
    > >internet. It is not a virus as I have scanned my drives
    > >several times.
    > >Any Help would be appreciated.
    > >

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Fred Flintstone, Aug 21, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ray Horton

    Won't power down when shut down

    Ray Horton, Aug 27, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    658
    Cicero
    Aug 27, 2003
  2. fokker
    Replies:
    7
    Views:
    1,138
    Fokker
    Sep 11, 2003
  3. Bun Mui
    Replies:
    2
    Views:
    743
  4. nash123

    Sporadic Power Down / Shut Down Problems

    nash123, Jul 26, 2005, in forum: Computer Support
    Replies:
    17
    Views:
    2,964
    nash123
    Aug 24, 2005
  5. nash123

    Sporadic Power Down / Shut Down Problems

    nash123, Jul 26, 2005, in forum: Computer Information
    Replies:
    1
    Views:
    505
    Peter Mark
    Aug 1, 2005
Loading...

Share This Page