----Remote Procedure Call----

[funkiguy_me]

some days back i started experiencing the problem of remote procedure call service.
the computer shut down automatically.
it appeared: the RPC service has termineted.
save your work. time to shut down: 59-58-57-0
i knew that this error occurs when the computer is infected with sasser virus.
my computer was updated with antivirus protection.
i am using avast PE.
i also downloaded the patch from microsoft site to protect from the virus, and surprisingly when i tried to remove the virus with the sasser removal tool-Symentec, it showed that sasser virus was not detected on my system.
i have tried many things.
also in the processes section, i could see 4 services running with the name of svchost.exe.
i tried to disable the RPC service but the disable dialog box had disappered.
PLEASE HELP........

[Sourabh]

man install sp2

permanent solution: fresh reinstall xp SP2 on a newly formatted partition and have some adware/spyare programming, with a good av software with updates defn and a firewall

and relax till another MS vulnerability comes !!

[NikhilVerma]

Here is what U need to do

Goto start --> Run
type services.msc

Scroll to the "Romote Procedure Call" option and select properties...
You will find on the second tab the option of what to do when it fails... just select "Restart the service" in all the boxes..

[harish_21_10]

Quote:

Originally Posted by NikhilVerma

Here is what U need to do

Goto start --> Run
type services.msc

Scroll to the "Romote Procedure Call" option and select properties...
You will find on the second tab the option of what to do when it fails... just select "Restart the service" in all the boxes..

well thats the solution i have been using for a long time and its an permanent solution for this problem.

temperary solution :
start>run
type "shoutdown -a" (when the error comes)

[club_pranay]

your computer is having a BLAST!!!!


source: http://securityresponse.symantec.com...ster.worm.html

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (first described in Microsoft Security Bulletin MS03-026)(users are recommended to patch this vulnerability by applying Microsoft Security Bulletin MS03-039) using TCP port 135. The worm targets only Windows 2000 and Windows XP machines. While Windows NT and Windows 2003 Server machines are vulnerable to the aforementioned exploit (if not properly patched), the worm is not coded to replicate to those systems. This worm attempts to download the msblast.exe file to the %WinDir%\system32 directory and then execute it. W32.Blaster.Worm does not have a mass-mailing functionality.

Additional information and an alternate site from which to download the Microsoft patch is available in the Microsoft article, "What You Should Know About the Blaster Worm and Its Variants."

We recommend that you block access to TCP port 4444 at the firewall level, and then block the following ports, if you do not use the following applications:


TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service (DoS) on the Microsoft Windows Update Web server (windowsupdate.com). This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.

Click here for more information on the vulnerability that this worm exploits, and to find out which Symantec products can help mitigate risks from this vulnerability.

NOTE: Virus definitions will detect this threat having:
Defs Version: 50811s
Sequence Number: 24254
Extended Version: 8/11/2003, rev. 19

Symantec Security Response has developed a removal tool to clean the infections of W32.Blaster.Worm.
removal tool

go to the site for better understanding
http://securityresponse.symantec.com...ster.worm.html