Ali 0 Posted August 11, 2003
Today we have received TONS of calls with this problem. Is anybody else experiencing this? Are there any solutions to this problem? None of my computers at work or at home have this problem, but a large number of our customers are having this problem. They mostly run WinXP Home and some have Kazaa installed and some don't. Any suggestions/information will be appreciated.
Edit: Exact same problem, but this time it says "NT Authority" is shutting down your system in **:** min (and there is a countdown in all cases).

Namarie 0 Posted August 11, 2003
It's a problem, run winupdate. And check for something called "blast" (think it was wsblast, but not sure); it's a worm. Info available on the Symantec website.

Vermyn 0 Posted August 12, 2003
Someone finally released a worm that exploits the RPC vulnerability announced in July. Everyone was warned that this would happen and it did.
SARC's writeup: http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html
The good news is it's really easy to clean. I've cleaned about six machines today... someone was using it to remotely shut down computers from elsewhere on the net. They were popping up a box that told them it was going to shut them down in 1 minute... then actually counted the seconds down until it did so.

Xiven 0 Posted August 12, 2003
Three friends of mine were hit by this worm today (writeup). Because the worm appears to be quite badly written, it's apparently causing repeated crashing of svchost.exe on their machines, though none of them had experienced a remote shutdown message like the previous posters.

adamvjackson 0 Posted August 12, 2003
Patch all your NT-based systems, quickly, before you help to spread the worm... Please!
Edit: Here's the TechNet writeup on the patches, etc. http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

el_vago32 0 Posted August 12, 2003
Damn it, would it be god or something?? But in the right moment I was reading this post, my system exploded ;( ....now I'm on the way to clean it up....this suxx ;( ;(

el_vago32 0 Posted August 12, 2003
8) Check it out:
Quote:
W32.Blaster.Worm
Discovered on: August 11, 2003
Last Updated on: August 12, 2003 01:24:53 AM
Only 1 day since discovery and already a category #4 on Symantec's site!!!???....and considering it's pretty easy to clean...., I don't know man ;(

adamvjackson 0 Posted August 12, 2003
The level 4 alert is probably based partially on the percentage of vulnerable systems, approximate percentage of patched systems, rate of attack/spread, etc. With the quantity of attacks in the past 24+ hours, a level 4 seems about right.

sapiens74 0 Posted August 12, 2003
http://www.cert.org/advisories/CA-2003-20.html
Here's the authority on this. Good read on how to avoid and clean.

tylau 0 Posted August 13, 2003
Note that you could possibly disable the "Remote Procedure Call (Locator)" service on your XP Pro/Home box as it is usually not required in most situations. This service usually logs on as "NT AUTHORITY\NetworkService" which might be the one account for the intrusion of those culprits. I have this service set to "manual" which practically disables it on boot up.

ViolentGreen 0 Posted August 13, 2003
Quote:
Note that you could possibly disable the "Remote Procedure Call (Locator)" service on your XP Pro/Home box as it is usually not required in most situations. This service usually logs on as "NT AUTHORITY\NetworkService" which might be the one account for the intrusion of those culprits. I have this service set to "manual" which practically disables it on boot up.
I have always heard that Windows needs this service to function properly and that you shouldn't disable it.

tylau 0 Posted August 14, 2003
If you don't feel comfortable then don't. I have disabled this service since day 1 of my XP installation and have yet to find the first app that needs this to run. Take good care.

AndyFair 0 Posted August 14, 2003
The RPC Locator service is not the same as the RPC service. To my knowledge, the WS32.Blast worm uses a vulnerability in the RPC service, not RPC locator. It's a fairly easy worm to defeat, partly because if you're patched, you're not vulnerable, but also because it's a badly written program, and crashes more often than not...
Rgds
AndyF

Ali 0 Posted August 17, 2003
Thanks for all the replies. We had two disasters falling on us back to back.
Mon we discovered the worm that we saw first about two weeks ago. (It seemed to go away for some time, that's why we didn't bother with it.) 8)
Mon afternoon to Tue evening we were flooded with phone calls about the worm. ;(
Wed morning we could remove the first of them but our firewall got hit with about 50000000 requests per second and our internet connection died! Just because of that one computer.
Thu we had the major blackout, and we couldn't operate on Fri because of that.
And today (SAT) we had to fix 60+ systems that came in for service (95% hit by the worm). ;(
I turned on MY computer and there was a crap load of viruses on my computer. I have no idea where they came from. ;( I eventually had to format it (I have a backup of my files !!!!).
You could see what a nice week I had! Have a good weekend everyone (what's left of it anyways).

billwinkle 0 Posted August 17, 2003
I had a strange event with this just this morning at work. I was surfing the web when all of a sudden a white screen popped up and in the middle was the message that my machine was going to shut down in one minute. It had a countdown timer. The strange thing is my machine has Windows ME installed. I thought it was not attacking ME or 98. However, I quickly did the three finger salute and shut the program down with no ill effect and no recurrence of the event. I don't think it was a pop up ad because I was at 4wheel parts web site at the time. ;( Has anyone else seen this?