Tech Support banner

Status
Not open for further replies.
1 - 9 of 9 Posts

·
Registered
Joined
·
11 Posts
Discussion Starter #1
You guys are pretty sharp and I thank you for your help. I have another one: a couple times in the last day (since I did a system restore and reinstalled software), I've received a Remote Procedure Call system shutdown message that tells me to save my work because my system is being terminated. And after about 60 seconds, it does just that. Has anyone seen this before and can you tell me how to fix it?
 

·
Registered
Joined
·
11 Posts
Discussion Starter #4
I'm Baaack ! I did everything that was recommended to get rid of the Blaster worm. The weird thing is that there was no reference in the Task Manager to msblast.exe and there was no reference in the registry to 'windows auto update' and it just happened again. I also executed the fixblast fix tool and there was no evidence of the blaster worm found. Help !! My recovery settings for RPC are currently 'restart the service'; not 'restart the computer'. I'll set them back when I find out what I missed.
 

·
Registered
Joined
·
57 Posts
Ok you have the w32 worm blaster virus on your pc. IF you are using windows xp you have to disable system restore and than Click Start > Run. (The Run dialog box appears.)
Type:

SERVICES.MSC /S

in the open line, and then click OK. (The Services window opens.)


In the right pane, locate the Remote Procedure Call (RPC) service.



--------------------------------------------------------------------------------
CAUTION: A service named Remote Procedure Call (RPC) Locator exists. Do not confuse the two.
--------------------------------------------------------------------------------



Right-click the Remote Procedure Call (RPC) service, and then click Properties.
Click the Recovery tab.
Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service."
Click Apply, and then click OK.


--------------------------------------------------------------------------------
CAUTION: Make sure that you change these settings back once you have removed the worm.
--------------------------------------------------------------------------------

After doing all these steps run the removal tool again you can obtain that from here http://securityresponse.symantec.com/avcenter/FixBlast.exe

Make sure you turn system restore back on and the other settings that you change in administrative tools back to there original settings.
That should do it!
 

·
Registered
Joined
·
11 Posts
Discussion Starter #6
Thanks, Johnny Law. After I reviewed what I had done and then read your post, I skipped a step. After I finally got past that, I couldn't install the service patch because of a "cryptographic service" error. I finally got that resolved, ran Norton again, turned system restore back on, and changed the RPC stuff in the task manager back, I think I'm okay now. You guys have been great and I appreciate it.
 

·
Registered
Joined
·
57 Posts
!!!!

You said that you were getting the "cryptographic service error"

Cryptographic Services may not be running on your machine.
Start the Administrative Tools utility in Control Panel.
Double-click Services. (this will open the services window)
Right-click Cryptographic Services, and then click Properties.
Click Automatic for Startup type, and then click Start.
If you CAN NOT start the service try booting your machine in SAFE MODE and then repeating the above.. For SAFE MODE press F8 when your PC starts up but, BEFORE you get the Windows XP screen!
If you can not start the Cryptographic Service then the likely cause is that the Remote Procedure Call (RPC) is not running. To check this go to the "Services" window by running through the steps detailed above... Now right click the Remote Procedure Call (RPC) service. If the status shows it is not running then it has been disabled!

Try that if your interested... Just curious was it Service Pack 1 you were trying to install?
 

·
Registered
Joined
·
11 Posts
Discussion Starter #8
Hi, Johnny Law. Sorry this response took so long; I was having problems getting in to the forum (probably user error). The service was running but apparently, I had a bad module. Everything's groovy now. Thanks to all of you for your help; you've taught me a lot.
 

·
Registered
Joined
·
6 Posts
Just a word of warning for all of you, the blaster source code is out there now, and I mean with all the little script kiddies. Its being traded over P2P networks and in IRC, with recommended modifications to make it overcome the released patches to systems, so keep that firewall up, your gonna need it over the new couple of weeks.
 
1 - 9 of 9 Posts
Status
Not open for further replies.
Top