
View Full Version : Someone



Kyle06
August 11th, 2003, 01:12 PM
Someone please help me, I keep getting this message every few minutes and my computer will restart ... can someone tell me why this keeps happening...

Induna
August 11th, 2003, 01:32 PM
That's weird. My mate rang me about an hour ago saying the same thing. That's the exact same message he's getting.


Does anybody know cause I don't. He uses Win XP Home Edition.

Jelsoft
August 11th, 2003, 01:43 PM
I don't have the solution, but I just saw the same problem on another forum. No solution was posted on that forum though.

Induna
August 11th, 2003, 01:45 PM
It's a conspiracy!!


Keep tabs on that other forum mate.

mojo-ris-in
August 11th, 2003, 01:46 PM
Moved to Windows forum

cpugeniusmv
August 11th, 2003, 01:49 PM
have you seen the thread about that IRC virus?

you've got it.

Sephiroth
August 11th, 2003, 01:51 PM
I dunno why but the service that needs to be restarted is one of the ones that the OS needs to run in order to work. So if you were messing around in the services I'd turn that one back on.

Do you have a legitimate version of Windows XP?

DIMA2001
August 11th, 2003, 01:54 PM
do you have zonealarm?
do you have winmx?
have you tried to close zonealarm while winmx was running?
that causes this problem on my system ...

Induna
August 11th, 2003, 02:01 PM
I tried looking at the Microsoft Knowledge Base, no luck.


No, my mate has a legit copy of XP and he doesn't use IRC.

No ZoneAlarm or WinMX either.

cpugeniusmv
August 11th, 2003, 02:03 PM
Originally posted by Induna

No, my mate has a legit copy of XP and he doesn't use IRC.

it's not native to IRC...it's a windows XP problem, but is most commonly exploited on IRC.

DIMA2001
August 11th, 2003, 02:04 PM
actually, it is not winmx
I've had the same problem for 1 hour and I only checked my mail once in MS Outlook...
nothing else

let's see what i can do

DIMA2001
August 11th, 2003, 02:11 PM
do you know what i noticed?
i have MSBlast.exe running - looks somehow stinky.
I've closed it - let's see ...

Induna
August 11th, 2003, 02:16 PM
Oh dear...


http://www.zeropaid.com/bbs/showthread.php?s=&threadid=13355&highlight=virus+%2AIRC%2A

Induna
August 11th, 2003, 02:19 PM
Alright, I'm slow on stuff like this. What is the next course of action?

Downloading the patch would seem like closing the stable door after the horse has bolted.


Would AVG root out and kill this worm?

Theinfamousone
August 11th, 2003, 02:24 PM
Originally posted by Induna
Alright, I'm slow on stuff like this. What is the next course of action?

Downloading the patch would seem like closing the stable door after the horse has bolted.


Would AVG root out and kill this worm?

CPU was telling you that all along, you think he just likes posting to stretch his fingers?

You can try AVG, it wouldn't hurt.

The Hunter
August 11th, 2003, 02:28 PM
Also like Krell and I keep preaching try this online one, it has very up to date virus definitions.
http://housecall.trendmicro.com/
I will look for more info on this.

DIMA2001
August 11th, 2003, 02:28 PM
please, close this thread then

and now, i know what's msblast - it is my start bar ;)

Krypt0
August 11th, 2003, 03:41 PM
taken from form [ http://www.zeropaid.com/bbs/showthread.php?s=&threadid=13355]


Originally posted by Skinny Pimp
I don't see an IRC forum on this site. If so...please don't lock my thread...just move it.

Thanks.

Anyways, go here to download the patch. If you use IRC OR NOT...DOWNLOAD the patch.

http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe

Secondly, for info on this, go here:

http://www.symantec.com/avcenter/venc/data/backdoor.irc.cirebot.html

PG won't block it BTW.

Download all the new Win. Updates as well and then do this:

start, run, services.msc, Remote Procedure Call, properties, recovery, change all "Restart the Computer" to "Restart the Service"


And you know you have it if you get a message telling you that you only have 60 seconds before your CPU shuts down. I did the above and I can use IRC without it closing down on me. But I think it may also have a downside, because my connections keep closing on any channel. A few I was below the min. transfer rate. But one just disconnected on me but I got no message that an admin kicked me out or cancelled my download.

Now...just me throwing something out there...is this something the RIAA may have paid someone to do? May be a stretch but whatever it is seems to always close connections on your downloads and transfers without you knowing it. Maybe it is strange timing, but RIAA made hints at teaching P2Pers a lesson not only by hitting them in the pockets but by hitting them in the computer...by damaging it.

Also, this is not really a virus. I don't believe it is...just a nasty exploit. Update your firewall as well.

Once again, if this is in the wrong forum, move it. I'm here to help.

This worked for me. I'm running XP Professional. ZA Pro & NAV Corporate.

Kyle06
August 11th, 2003, 03:51 PM
Originally posted by Sephiroth
Do you have a legitimate version of Windows XP?

Yes I have the legit version of Windows XP...

another thing that is pissing me off is that I reformatted and it is still on here omg ... (pulls hair out)

Kyle06
August 11th, 2003, 03:55 PM
ok I am trying to download the patch now I will tell ya how it goes soon...

Kyle06
August 11th, 2003, 04:13 PM
Originally posted by notbob
i just disabled the RPC restart option

I think I have that fixed but how do you do that....?

The Hunter
August 11th, 2003, 04:41 PM
notbob, when you get that done, do you mind posting the proper procedure here, as you might just help a lot of people.
Thanks.

wingnut2600
August 11th, 2003, 04:48 PM
http://news.google.com/news?num=30&hl=en&edition=us&q=cluster:www%2etimesofoman%2ecom%2fnewsdetails%2easp%3fnewsid%3d38290%26pn%3dbusiness
Google coverage...

http://developers.slashdot.org/article.pl?sid=03/08/11/2048249&mode=thread&tid=126&tid=172&tid=185&tid=190&tid=201
Slashdot coverage...

I think that this virus is fascinating since it is infecting those that wouldn't usually be hit by it; those with AV and Firewalls.

Everybody should just go to Windows Update and update your XP installation.

The Hunter
August 11th, 2003, 04:58 PM
Thanks Wingnut, now just to play devils advocate, if I make my fire wall ask for permission with every connection, can I catch this before it hits?

LUCIFER{OS}
August 11th, 2003, 05:13 PM
I had this very same worm.
Go to Norton.com, everything about it and how to remove it is there.

I followed their guide and deleted it from my reg manually.

Kyle06
August 11th, 2003, 07:04 PM
well I think I had the virus and so I installed the patch and I am not having any more problems but it is going to be a long night...

The Hunter
August 11th, 2003, 07:16 PM
This patch I finally installed, and it is the first one I put in as XP was running great.

Kyle06
August 13th, 2003, 08:12 AM
whew I installed the patch and now I am not having any more problems so all I got to say is yay..

ferrarimodena360
August 13th, 2003, 08:52 AM
Quote
re: Remote procedure call error
Monday, August 11, 2003 at 9:12 pm
Posted by CLAWS [find other messages by CLAWS]
The answer is scattered over countless posts. Compilation: A hole in the RPC (Remote Procedure Call) service lets bad stuff into your computer. RPC is an essential Windows service, so you can't switch it off. Ad-aware, SpyBot, and most (all?) antivirus programs don't recognize the intruder. The code enters through port 135, which M$ leaves wide open by default. The file is called msblast.exe and it's so small it enters through a dial-up connection in 2 seconds or less. You don't need to download or click anything: just being online is enough, msblast.exe uploads itself to your system32 folder, and starts itself from the startup part of the registry. When msblast.exe runs, you have less than a minute before Windows shuts itself down. Firing up the task manager to kill the process doesn't work. Once running, it can't be stopped. So how to get rid of this? First, when you restart, STAY OFFLINE. Remove msblast.exe from your system32 folder and its startup entry from the registry. Then get online with a firewall running to block port 135. ZoneAlarm will do the trick. You need to download a patch from M$ at http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp . The tricky part: you need to be online to download the patch, but you gotta keep msblaster out of port 135 until the patch is on your hard disk. And if you don't have a firewall you'll need to download one first, but before you can do so the RPC screen pops up and you're back to zero... ZoneAlarm picks up 3 or 4 attacks on my port 135 every minute (!), so if you're really out of luck your computer won't run long enough to download the patch or a firewall. Once you've managed to download and install the patch you're safe. Until the next attack on a Windows security hole... Good luck, Rogier


On Monday, August 11, 2003 at 8:33 pm, Derek wrote:
>I keep getting a error message saying " RCP has terminated and your computer must
>shut down", it then counts down 1 min and shuts down.
>
>I have no idea what this means or how i can fix it. Any help would be greatly appreciated.
>
>Cheers.



Link >> http://www.annoyances.org/exec/forum/winxp/t1060659200

ferrarimodena360
August 13th, 2003, 08:59 AM
oh yea i believe this is what u did

re: Remote procedure call error
Monday, August 11, 2003 at 9:05 pm
Posted by Yuelong Dai [find other messages by Yuelong Dai]
I had the same problem, and I didn't know the cause (virus?), but I figured out a solution. Go to Services in Administrative Tools, and select properties for Remote Procedure Call (RPC). Under the Recovery tab, select "Restart service" for First Failure. And you are set!


On Monday, August 11, 2003 at 8:33 pm, Derek wrote:
>I keep getting a error message saying " RCP has terminated and your computer must
>shut down", it then counts down 1 min and shuts down.
>
>I have no idea what this means or how i can fix it. Any help would be greatly appreciated.
>
>Cheers.



Again same link as above
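
Added example, not part of any post in this thread: a read-only PowerShell triage for the indicators the two quoted posts above describe (msblast.exe in system32, its startup entry in the registry, the RPC service recovery action, port 135). It assumes a current Windows with `Get-NetTCPConnection`, that "the startup part of the registry" means the standard Run keys, and English `sc.exe` output; the function names are made up for this example.

```powershell
# Added example, read-only: reports indicators, changes nothing.
$indicator = 'msblast.exe'    # file name given in the thread

function Get-RunKeyHit {
    param([string]$Name)
    # Assumption: "startup part of the registry" = the standard Run keys.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            # Match on the value's data, since the page gives no value name.
            $data = [string]$item.GetValue($valueName)
            if ($data -like "*$Name*") {
                [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
            }
        }
    }
}

function Get-BlasterTriage {
    $file = Join-Path $env:SystemRoot "System32\$indicator"
    $procName = [IO.Path]::GetFileNameWithoutExtension($indicator)
    # sc.exe qfailure prints the actions configured on the Recovery tab.
    $recovery = (& sc.exe qfailure RpcSs) -join "`n"
    [pscustomobject]@{
        FileInSystem32      = Test-Path -LiteralPath $file
        ProcessRunning      = [bool](Get-Process -Name $procName -ErrorAction SilentlyContinue)
        RunKeyEntries       = @(Get-RunKeyHit -Name $indicator)
        # Assumption: Get-NetTCPConnection exists (Windows 8 / Server 2012 or later).
        Port135Listening    = [bool](Get-NetTCPConnection -LocalPort 135 -State Listen -ErrorAction SilentlyContinue)
        # Assumption: English sc.exe output, where a reboot action prints as REBOOT.
        RpcRebootsOnFailure = $recovery -match 'REBOOT'
        RpcRecoveryRaw      = $recovery
    }
}

Get-BlasterTriage | Format-List
```

A listener on port 135 is normal because RPC is a core service; what the quoted post asks for is a firewall blocking inbound connections to it until the patch is installed.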

rainbowdemon
August 13th, 2003, 10:03 AM
I had a similar problem. Every time I tried to open IE, I got a warning saying that IE has encountered a problem and must close. My comp didn't shut down, I just couldn't open IE. Or anything else, obviously. I could open Virus Scan as it is in the taskbar. It came up clean. I tried to run a repair from the Windows installation CD. Twice. Nothing worked. Dell tech support could not figure this out either. That in itself is odd, those guys are good. Finally tech support suggested re-formatting, so I did. Problem gone. What in the hell was that??? I keep Virus Scan updated, and I downloaded this patch everyone is talking about, and I have a firewall also so I guess everything will be all right. Hope so anyway.