Re: RPC Shutdown Error Virus-Do I Have It?



I am using XP SP2 and I do get the 60sec shutdown msg you mentioned. The run
command did generate a log file.
Louie


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:vLYMg.3964$Qb2.2847@xxxxxxxxxxx
From: "Luigi" <lschimenti@xxxxxxxxxxx>

| About once a month I get the Remote Procedure Shutdown error which I've been
| told by net research is the Blaster Worm Virus. I cannot find any evidence
| of this virus. I have downloaded MS Removal Tool, Symantec FixBlast Tool
| (which took like 2 hours to run and didn't find anything either). Tried a
| couple of other site scans and everything tells me I don't have this virus.
| I went through this last month when it happened and it just happened again a
| few days ago. My NOD32 is up to date and full scan turned up nothing. Is
| this a symptom of something else? I am running Win XP and have a home
| network of 3 computers total (all Win XP) and none of the other computers
| displayed this or any unusual behavior.
|
| Distressed Louie
|

You need to be exact and specific.
Are you using XP SP2 on the affected PC ?

Do you get the following 60 sec shutdown message ?

NT AUTHORITY\SYSTEM

"Windows must now restart because the Remote Procedure Call (RPC) Service
terminated unexpectedly"

Even if you do it is NOT indicative of a RPC/RPCSS DCOM Exploitation of
the buffer overflow vulnerability worms take advantage of using TCP Port 135.

You indicate you have a SOHO LAN which means a NAT Router so the likelihood
of an Internet worm exploiting TCP port 135 is extremely low.

I doubt it is such an exploit. Even still, the Lovsan/Blaster is a
dead/dying worm with extremely low incidents now. There are however many
BOTs that will exploit the RPC/RPCSS DCOM buffer overflow vulnerability and
the so-called Blaster removal tools are worthless on them. The RadeBOT,
SDBot, GAOBot, RBot are just a few that now take advantage of this
exploitation method.

Please run the following command...

Go to; Start --> Run
Type; notepad %windir%\KB828741.log
Hit the enter key.

Does NOTEPAD show a LOG file or does it generate an error that
KB828741.log was not found ?

Please answer and respond to ALL of my questions.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



