Tech Support Forum banner
Cancel

Strange Windows XP error

Jump to Latest Follow
Status
Not open for further replies.
1 - 20 of 93 Posts
X

· Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
Hey guys, thanks for reading this..
Ive receiced a distresing error message twice today. It reads:

"This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT Authority/system"

And then counts down from a minute. This really worries me, if anyone has knowledge concerning this, please enlighten me.

Your efforts are truley appreciated.
 
G

·
#2 ·
Welcome to the forums XGP............:D

I'm assuming that your running an activated version of XP.

If a machine is a target of the currently available exploit program
for the MS03-026 vulnerability, it will in some cases pop up a window titled "System Shutdown" with the text:
This system is shutting down. Please save all work in progress
and log off. Any unsaved changes will be lost. This shutdown
was initiated by NT AUTHORITY\SYSTEM

Time before shutdown: 00:00:59

Message:
Windows must now restart because the Remote Procedure Call
(RPC) service terminated unexpectedly


(The machine then reboots in 59 seconds.)

This indicates an unsuccessful exploit attempt on an unpatched
machine. If customers see this message, they should most likely save their work and then disconnect from the network, or else patch the machine immediately after it reboots.
 
D

· Registered
Joined
·
2 Posts
#5 ·
There is just no way to patch it.

Right now I am on my husbands computer. I came in here and searched found my problem in this thread.. SO I thought ok I patch it. It tooke me three times before I caould actually download it by the time I got to the page it had shut down already. So now I have it downloaded but there is no time to run it before it shuts down it will start running but then the coputer shuts down.
 
S

· Registered
Joined
·
1 Posts
#6 ·
Remote Procedure call

I too started getting this message about one hour ago, I've had to log on my work PC to access the web as my home PC keeps shutting down?

How do I get to the download as the microsoft link wants to upgrade the work pc which has a different os!!!

Help.
 
D

· Registered
Joined
·
1 Posts
#8 ·
I started getting this today - every time I went online, after 3-5 mins, I got the dreaded "This shutdown was initiated by NT AUTHORITY\SYSTEM"

I completely reinstalled my OS, and of course that didn't work, so I searched for the error, and found this thread - including the link to the patch - thanks very much for that.

I've installed the MS patch (I was sweating a bit when it took 90 secs to download - I was dreading getting the message again!!). It seems to be holding up so far (been online now for about 15 mins).

On the firewall issue, I've just enabled the "Internet Connection Firewall" as recommended by MS on their site. Is this sufficient ?

Ta,

Dr J.
 
M

· Registered
Joined
·
1 Posts
#9 ·
firewall definately a good idea

I had the same problem and it wouldn't even let me download the security patches, the error message would pop up immediately and restart the computer. Even if I was browsing in the internet to look for solution, it would pop up... :mad:

I ended up going to Mc Afee's website, downloaded Personal Firewall free 30day trial and installed that. After the firewall was in action, I could download the XP updates and install them.

Later I ran the viruscheck and found "Exploit-DcomRpc" file on C:/windows/system32/msblast.exe
My virus scan program wasn't able to clean it, so obviously it needed to be deleted.

I don't know whether Mc Afee's firewall is the best on the market, but it was available, free and did the trick for this one... remains to be seen whether I'll keep that one or choose for something else. Any recommendations anyone?

I'm a fire starter.... :winkgrin:
 
N

· Registered
Joined
·
1 Posts
#10 ·
Hello,
I work in the IT Dept. at my compnay and we had this happen to several of our users. The problem we came up against was that the computer would restart before we could install the patch, this even happened in safe mode. After some more searching i finnally found a way to stop the computer from rebooting so that the patch could be installed. When your copmuter comes up go to control pannel -> admin tools -> services and select the remote procedure call (RPC) and go to properties. Click on the Recovery tab and change all of the failure actions from restart computer to restart service. After you apply this your computer will now not restart the next time the problem occurs. This will enable you to have enough time to run windows update and get the patch installed. After you have the patch installed reset the service to restart the comptuer and you should be all set.

-NacNud
 
S

· Registered
Joined
·
1 Posts
#11 ·
Oddly enough, I have just started having the same error. Computer been fine up until tonight. Suddenly I am getting NT Authority/System, RPC failed, system shutdown (and a countdown for 60 seconds): Remote Procedure Call (RPC) service terminated unexpectedly.

Anybody got any ideas what the heck this is and why it's suddenly started. I've had 3 reboots in as many minutes!

Seems to happen when I am online.

Many thanks to anyone who can shed some light on this.

I'm using WinXP Home Edition version 2002.
 
J

· Registered
Joined
·
15 Posts
#13 · (Edited)
a couple of my friends have had the same problem, and i think its caused by msn messenger. one of my friends noticed the msblast.exe process running when he pressed control alt and del, tried deleting it and ending the process but it simply reinstalls. if you read the articles on http://www.mess.be you'll see that its related to msn messenger.
 
E

· Registered
Joined
·
3 Posts
#15 · (Edited)
JayCully, you have to delete it out of the registry too.



I'm having the problem too. Here is an email my ISP just sent me.

Greetings,

As you may have heard by now in the news there is a new virus that
is exploiting a security flaw in Windows XP, NT and 2000. The
virus is known as "W32.Blaster.Worm" or "MSBlast." The virus does
not come through email. It is sent to your computer through a Remote
Procedure Call, or RPC, meaning that an infected computer scans
other computers for a certain open port, and then sends itself
through that port. This security flaw is not in Macintosh, Linux or
Unix operating systems. To read more about the security flaw,
please go to
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

To keep from getting this virus, you should go to
www.windowsupdate.com and scan for all patches available for your
computer. After it scans, you should download all the security
patches. This will keep you from getting the virus.

NOTE: If you are infected, you will see an error saying "...NT
authority must shut down your computer in 30 seconds."

BEWARE! Some users who have the virus have reported that while they were
attempting to download the patches from Microsoft, the virus rebooted
their computer. There is little chance of damage from this and it will be
possible to eventually receive the patches from Microsoft even if you are
infected and the virus reboots your computer. Just keep trying to get the
patches.

XP users can prevent this from happening by turning on Internet Connection
Firewall in their connection profile. IF YOU ARE AN XP USER, right click
on your connection icon, left click on Properties, click the Advanced
Tab, and place a checkmark next to "Internet Connection Firewall." This
will allow you to download the patches without the virus rebooting your
machine.

To fix this, you must edit your Windows registry. It is extremely
important that you follow these set of instructions very carefully.
Enter.net is not responsible for any damage to your computer from
following these instructions. If you don't feel competent to perform
this service, you should contact your computer dealer/consultant, or
Enter.Net's in-house service department.

1. Click Start, and then click Run. (The Run dialog box appears.)
2. Type regedit
3. Then click OK. (The Registry Editor opens.)
4. Navigate to the key by clicking on the plus next to each section:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
5. In the right pane, delete the value:
"windows auto update"="msblast.exe"
6. Exit the Registry Editor by click the x in the top right corner.

You should then be able to go to www.windowsupdate.com and get the
patch to keep your computer safe. You should also then go to
http://www.housecall.antivirus.com Click on Scan Now listed under
the Customer Advisory. Press yes to any boxes that pop up. You will
then see the Active Update windows where it is downloading an
updated engine and pattern file. Once this is done, put a checkmark
next to your C: drive and a checkmark next to Auto Clean. Then click
Scan. This will scan your computer for viruses and automatically clean
any that it can. It will also give you the option to delete the
infected files that it was not able to clean. This online virus
scanner is free.

Please make sure to update your antivirus programs and your windows
updates at least twice a month. This will keep your computer updated
against any viruses and security flaws.
 
P

· Registered
Joined
·
1 Posts
#16 ·
I had the same problem and couldn't download it without getting the boot (or reboot) so I d/ld the file to my laptop (under W2K) and wrote it to disk (executable) and then installed it on my tower (XP).. all is fine now. BTW a firewall is mentioned to help in these situations... any referrals to any good ones out there? thx....PD
 
T

· Registered
Joined
·
2 Posts
#17 ·
I have also gotten this Inernet worm. I am able to stay connected by following NacNud's suggestion as to changing the RPC properties from restart computer to restart service. However I cannot download the patch due to a"KB823980 Setup Error" saying "Setup could not verify the integrity of the file Update.inf. Make sure the cryptographic service is running on this computer". Can anyone explain this message and what I can do to fix it.
 
L

· Registered
Joined
·
3 Posts
#18 · (Edited)
I was able to DL the patch however when i try to install it i get this message:

"Setup could not verify the integrity of the file Update.inf. Make sure the cryptographic service is running on this computer."

is this related to the RPC or is this a new and different problem? how do i fix it? thank you in advance for your anticipated help!


oops!! sorry about the double post
 
J

· Registered
Joined
·
1 Posts
#20 ·
Resolution here!

In order to get the download and install to work, follow these steps:

Wait until the RPC pops up the "shutting down" message.
Go to Start >Run
Type "cmd" to bring up the Command Prompt
Type "shutdown -a" at the prompt and hit enter
This will end the RPC program completely.
Now run the download and install.

This should solve the problem completely :)

*smiles* And have a great day!
Ms. Jessa Lee
 
1 - 20 of 93 Posts
Status
Not open for further replies.
About this Discussion
92 Replies
58 Participants
Last post:
Lizubia
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top