PainZ
Member
Registered: 28th Jun 02
Location: Camberley, Surrey - Drives a Black Vectra VXR Esta
User status: Offline
|
My PC keeps getting this error message,
it pops up and then gives me 1 minute before my pc will shut down on its own, anyone know what it is?
I have already formatted this morning as i thought it may be a virus,
I have taking my case side of and have a HUGE desk fan blowing into it keeping the whole PC cool.
I havent changed any hardware inside the PC for ages
The error says
Windos must now restart becuase the Remote Procedure Call (RPC) service terminated unexpectedly
Any idea?
cheers
gotta go just got one now :/
|
Kerry
Member
Registered: 5th Oct 01
Location: Norwich
User status: Offline
|
http://www.corsasport.co.uk/board/viewthread.php?tid=83708
|
Sam
Moderator
Premium Member
Registered: 24th Dec 99
Location: West Midlands
User status: Offline
|
Look at the Event Viewer for clues.
|
Tiesto
Member
Registered: 6th Jun 02
Location: Hinckley, Leicestershire
User status: Offline
|
go control panel > Adminastritive tools > services > then go down page until you find "Remote Procedure Call" > Right click then Properties, > Click recovery and those three boxes change to dont ake action.
Once done that go alt-ctrl-del then processes and close the process of msblast.exe , once done that go search all files and folders and search for msblast, delete the msblast.exe file. then go here for microsoft patch = http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
This is on XP though
|
Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
its the W32.blaster.Worm doing the rounds at the moment, its hitting loads of XP users. if your on ME / 98 then your safe.
|
Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
see
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
|
Tiesto
Member
Registered: 6th Jun 02
Location: Hinckley, Leicestershire
User status: Offline
|
its also called msbalst.exe too
|
Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
yeah
also check out microsofts statement
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
yep the new internet worm causing terror to winxp/win2k clients, if you got a firewall then block port 135 (you should be doing this already) that will stop any more attacks getting through, download all the latest patches from whatever.
|
Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
from the Symantec (norton) website,
If the current month is after August, or if the current date is after the 15th, the worm will perform a DoS on "windowsupdate.com."
With the current logic, the worm will activate the DoS attack on the 16th of this month, and continue until the end of the year.
The worm contains the following text, which is never displayed:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!
thats cool
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
personally i think its lame, and sounds like something from hyped up hacker movie.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
so 1996.
|
Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
yeah but think of the size of the DoS attack, i work in IT support and all day its been people with this virus and not noing how to get rid of it.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
yeah if the situation doesnt carm down, and from my firewall logs at the moment I'm getting 2-3 requests PER minute from the RPC worm I can see how big it is, shit is going to go down on the 16th :/ , Though is does really matter if the worm is targeting www.windowsupdate.com or an ip address, a worm which attacked msql servers I believe attacked the same website but instead it attacked the IP, what did Microsoft do? Just blackhole the IP and move the website onto a new one, easy (iirc) 
|
Sooty
Banned
Registered: 9th Mar 03
Location: FLAP CENTRAL
User status: Offline
|
quote:
Originally posted by Nismo
its the W32.blaster.Worm doing the rounds at the moment, its hitting loads of XP users. if your on ME / 98 then your safe.
Not anymore 
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
sooty, is there a new version in the wild attacking ME now? cause i heard it wasnt vuln to the current worm?
|
Sooty
Banned
Registered: 9th Mar 03
Location: FLAP CENTRAL
User status: Offline
|
yep... its spreading to 98 and ME
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
oh well if you still use 98/Me you deserve everything that comes at you.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
sooty, any links to prove your jabber?
|
