Okay I was online on the computer reading through my new html book. Messing around with WordPad as this is my fist time learning html. I am sitting here and get this error:

Remote Procedure Call (RPC) Service Terminated Unexpectidy.


I have no idea what it means. I tried doing windows xp restore point. That didn't help. So I totally deleted windows, moved anything important to the 2nd hard drive and reinstalled Windows.

So for about 20minutes everything is fine. But the message comes up. So now I have no clue what it could be since I just re-did my computer.

Do you guys/gals have any suggestions or any patches/fixes you know of. This is annoying to restart every 10-20minutes!

Oh and I forgot to mention one thing.

When I do Ctrl+Alt+Delete and I click the Processes tab there are a bunch of

svchost.exe username=network service
svchost.exe username=local service
svchost.exe username=system
svchost.exe username=system


And I cannot remember which one it is, but when I close one or end the process that is when the little shutdown warning box comes up and counts down from 1minute.

It's a security problem in XP thats being exploited by somesort of virus code.. The thread links below will guide you to the patch updates but they may also privide information about what to do after the fact.

http://www.zeropaid.com/bbs/showthread.php?s=&threadid=13568&highlight=virus

http://www.zeropaid.com/bbs/showthread.php?s=&threadid=13355&highlight=virus

http://www.zeropaid.com/bbs/showthread.php?s=&threadid=13559&highlight=virus

http://www.zeropaid.com/bbs/showthread.php?s=&threadid=13572

Keep an eye on these as an answer may pop up... There are many new threads popping up on this subject that the answer may never reach you unless you search and keep up to date. I would subscribe to those threads to keep up on it.. Hope it helps. [/B]

Ironically, it was The Matrix Reloaded I was watching when this thing shut down my other machine. I patched it too, and then reconfigured my services and used msconfig to examine start up group items again.


Thx johnsmatrix for taking the time to provide some solid links and info.


PowerMan57two = examine your Event logs, watch what happens and notice the times.

The rest of you, can compare those times to events in your firewall.

Okay I downloaded the patch form the 2nd link you gave me. I'll let you know if I get anymore messages. I still see the 4
svchost.exe username=network service
svchost.exe username=local service
svchost.exe username=system
svchost.exe username=system

Are those supose to be there still?
I really have no idea how I got this thing. I was just reading my new html book that I got an Barnes and Nobel today :mellow

LoL and there I got the message.

Symantec Info:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

There is a tool here to remove it.

Patch for Windows:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

Affected systems are: XP, 2000, NT4 and server 2003

McAfee DAT

http://download.mcafee.com/us/updates/updates.asp

4283 will detect the worm, 4284 will clean it.

I hope that helps you guys, oh yeah you might also want to block ports TCP 4444, if you don't use these apps you should also block :
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

According to www.neowin.net

PS: PowerMan it is normal to have those svchost services running.

Yes you will always see svchost and generic host processes.

Use the Windows upadate tool, get all the security updates, and follow the steps and links provided by beardedwonder.

https://grc.com/x/portprobe=135

Okay I read the first parts of the news from news.com they say this:

Dubbed "MSBlast" by its author, the worm is spreading quickly, according to an initial analysis


I do ctrl+alt+delete and under processes I see the MSBlast running. What do I do! I am dumb as a rock for internet and blocking stuff, TCP ports, and all this other crap. I am just learning php/html now. LoL. Give me a computer to build and you got it done.

This is my first time receiving a virus that I actually couldn't fix. Usually if I got one before it was a simple restart, or reformat. It didn't work this time!

Heres what you do



First, stop panicking. Nothing is on fire.

Second, you follow the links in the above posts and read the articles.

You get the patches, and follow the steps recomended, nothing less, nothing more.

There is nothing lacking in this, or any of the other 4 current threads about this. Just do it.

I suggest you turn off your PC, go to bed, and do it tomorrow.

LoL to late. Have already read, and updating my computer now. 98.4MB worth of updates for me on Windows XP Pro. Thanks for the help. I haven't got the error now. It should be all good. Thank you a bunch.

I have exactly the same problem right now! Thank God i found this thread early. I was getting pretty mad about this!!!

me too!! just got shut down myself by something and received error message - something to do with " NT Data Control" or some crap like that. so what did i do? why i went straight to zeropaid forums of course where the most helpful links and advice have enabled me to clean XP house, so to speak and my XP sys now running error free at the moment. many thanks zeropaiders. bloody great service.

regards

kiwibank

You know what sucks... I actually was one of the first few to get infected, like a month or so ago. No one knew what was causing it or how to fix it. Then MS released a patch and I finally got it fixed (There was a patch on windows update a week or two ago)... After all of that (weeks of having it restart at random times), it's nice to see you all finally catching up and having to suffer to :P :wings.

If you haven't updated yet, you should asap. My mom got infected this morning and I had to go back and fix her computer by applying the patch. For comparison, we both run XP Pro, but I have a 1.5 mbit connection and she has 56k. She is only online for about an hour a day, while my computer is on 24/7. She also has never downloaded any file in her life (I get her what she needs so she will avoid viruses (She is a total "noob"). As you can see, it seems to affect everyone.

lol you think this is bad ? EVERYONE of my friends has gotton whatever the hell this is, and came crying to me for help. Luckily it is fairly easy to sort out once you identify what the problem is.

Luckily, I patched a few days ago. Also did a virus scan (updated defs).

I'm clean..................:fire

I have exactly the same problem and partly its solved if you'll go to control panel>administrative tools>computer management>services>remote procedure call and set properties in case if there will be problem with RPC to "do not take action" instead of "reboot the computer". Of course its not a full solution, but at least your computer will not be rebooted.

Yeah but I think it'd be better to just get the patch and be safe either way.

^^ BUMP ^^


(serious, this is spreading like wildfire, and needs to be bumped, 3 of my family members just got this, perhaps we should sticky this for the time being?)

i will stickie it for now, as I feel we will see a lot of panicked people.

Cool, I got my first thread stickyed ever. LoL :fire

Originally posted by Shadow, Thief of the Sun
I have exactly the same problem and partly its solved if you'll go to control panel>administrative tools>computer management>services>remote procedure call and set properties in case if there will be problem with RPC to "do not take action" instead of "reboot the computer". Of course its not a full solution, but at least your computer will not be rebooted.

Actually doing that or telling it to restart the service does less good than restarting. You will lose the ability to drag and drop files, the ability to open up a variety of programs, and some other important functions. Trust me, I was one of the first few infected. I had to deal with this, without an ounce of knowledge, for a few weeks before most everyone else. Unless your computer restarts, it won't run right.

Alliercollins - Yes, i just wanted to add this. I can't do a lot of things, can't see links and so on. I'll try to use patch as soon as i can and see what will happen. Thank you for this info.

I did start getting probed by infected computers starting last night. I'm glad that I run a firewall and keep my Norton's and XP patches up to date. Most of these probs can be avoided just by doing those two things. It boggles my mind that so many broadband users run their computers without a firewall. That's like hanging a lit sign on every door and window of your house that says 'Not locked, c'mon in!' ;)

Originally posted by jonnymnemonic
I did start getting probed by infected computers starting last night. I'm glad that I run a firewall and keep my Norton's and XP patches up to date. Most of these probs can be avoided just by doing those two things. It boggles my mind that so many broadband users run their computers without a firewall. That's like hanging a lit sign on every door and window of your house that says 'Not locked, c'mon in!' ;)

Haven't gotten it yet...but I've racked up almost 5,000 hits on port 135...yay me!

Is "firewall" a foreign word? Even such a thing as ZoneAlarm blocks incoming packets to those RPC specific ports.

So, how long until we Windows users will be bombarded with this kind of popup (view-source:file:///c:\windows\win.ini)?

I think that virus is in Windows> System32>msblast.exe, but i still can't get to this file and delete it....


Ok, got it. I just turned off msblast through Task Manager and deleted msblast.exe. Hope that it will work.

I just used Symatec tool for removal link for which was provided by somebody else in here:

"The process "msblast.exe" is viral. It is terminated.

Deleted the value "windows auto update" from the registry key
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run"."

I think that everything is fine now.

lucky you guys... get hit with the virus that everyone is talking about and releasing virus-specific purge utilities.... after running a norton remote virus scan i found a virus that both Anti-Vir and AVG free missed, i think it was called backdoor.sdbot or something like that... I'm fairly sure my firewall and zonealarm protected me most of the time from it's effects (it runs remote control via IRC) but i have no clue how long that little fvck3r has been hiding on my computer.

One question - i have not gotten this virus - but dont all people in here use a firewall - my firewall is up all the time no matter what - i have been blocking tons of port scan attacks in the last 3 days. - so cna i still get this shiat or what ?

Yeah Go Blaster go go go hehe :)...................................

I experienced something similar. I started my computer last night, launched shareaza. stepped away for a moment and my computer is now stuck at the initial startup diagnostics screen with the following message

Disk Read Error
press Alt+Ctrl+Del to continue

I did this and the same thing starts. Did I fry my harddrive? I have an Iwill Mother board With a AMD Athlon XP 1800+ CPU, 80GB harddrive, running Norton 2003 Proffesional & Black Ice defender suite, I update my OS often Windows XP home edition (I bought a complete version with service pack 1 included) have latest security patches installed and updated Norton
almost daily. If you what may have happened please let me know, my e-mail is

I experienced something similar. I started my computer last night, launched shareaza. stepped away for a moment and my computer is now stuck at the initial startup diagnostics screen with the following message

Disk Read Error
press Alt+Ctrl+Del to continue

I did this and the same thing starts. Did I fry my harddrive? I have an Iwill Mother board With a AMD Athlon XP 1800+ CPU, 80GB harddrive, running Norton 2003 Proffesional & Black Ice defender suite, I update my OS often Windows XP home edition (I bought a complete version with service pack 1 included) have latest security patches installed and updated Norton
almost daily. If you what may have happened please let me know, my e-mail is *email address removed*.

First off someone will reply to this thread so remove your email address unless you don't mind spam. :wings

I'd suggest getting into the bios and checking out the S.M.A.R.T report if your bios handles it. Look for min an average and see how well the drive stacks up.

Could just be an XP problem (as in the OS) or it could be a loose cable or the drive was defunk when you bought it.

How old is the drive? Was it used? Did you check molex + IDE cables?

If you can check out smart try an post the read/write an seek figures.

You have the MSBLAST virus!!

I see msblaster viruses...

MAKE THE SWITCH TO LINUX!!

I also had a similar problem. Sometimes, when a cpu is installed that is uncompatable with the motherboard you have, windows will either misdiagnose the problem, sending you an error that does not exist, OR it simply shuts down without warning. this can also happen with other hardware components. Try making sure everything is compatable hardware-wise. if you still get the same problem, Tw33k may be right and you may have a virus. If this is the case you will have to reformat BOTH hard drives and start from scratch. BUT BE WARNED!!!--->> Some viruses can load themselves into the ram or bios on the motherboard!!!!! So when you re-do everything make SURE that you reset the motherboard and ram!!! (Ouch) msblaster is a B*tch.

Hi, I have recently tried the patches etc for this problem and they didnt work, I even tried reloading my pc but the virus does not seem to get wiped. What is the best way to erase my whole hard drive completely, so that I do infact kill the stupid damn bug!!!