Computer Help

[Guest qstick]

Hello everyone,

I have been battling my computer most of the night. Using Windows XP, dial-up access to the internet.

Until this connection, I have been getting a message that the RPC service has terminated unexpectedly and the computer gives me 60 seconds to get out of everything before it shuts down. This time, for some unknown reason, everything is working properly (I think) but it is very SLOW.

I ran norton (I do keep it updated) and it came back empty...any ideas???

Zach

Late addition - I cleared out the temporary files and changed the setting from using 1100 megabytes to using 10 for these files...it only took 20 minutes to delete them all....would this have any effect?

Edited August 12, 2003 by qstick

[Little Bill]

I JUST got done fighting off the same exact problem. I spent 1 hour on hold with Dell, and then the guy told me how to fix the problem in about 2 minutes. If you computer is running right now with the dialup, go to microsoft.com and then go to the download section and download the patch that says: Windows XP Security Patch: Buffer Overrun In RPC Interface Could Allow Code Execution. This is the patch that fixes this sneaky virus. I have no idea how this one got into my computer through the software security. Before you execute the patch, unhook your computer from the phone line. If you are unable to stay connected (and you are able to read this) you can disable that shut dwn issue temporarly by going to control panel, admin tools, services, and then go to the two Remote Procedural Call services and set the recovery to "Take no action". This is ONLY for information purposes. The guy at Dell had me follow this basic instruction, and I am up and running. Hope that helps. Email me if you want me to try and give clearer instructions. bill_of_oz@sbcglobal.net

[kimel]

Welcome to the wonderful world of the W32.Blaster worm which is spreading across the internet right now. WinXP is targetted as is Win2K. Win NT 4 is vulnerable as well.

See your favorite anti-virus site (Symantec, McAfee, etc) for more info. There is an executable that is installed on your machine by the worm (if it succeeds) which will need to be removed.

If you are behind a firewall block port 135 for both TCP and UDP and that will stop the inbound. Outbound goes port 4444 tcp and 69 udp (I think those two are correct) to one of several tftp servers where it downloads the payload.

If you run Windows NT, 2K, or XP and have not installed the patch mentioned in Microsoft Technet bulleting 03-026 then you are vulnerable. For Win2K you must be Service Pack 3 or higher for the patch to be effective (by some reports anyway).

[Guest qstick]

Thanks guys!!!!!!!!

When I was finally connected long enough for norton to download the latest definitions, and then have my computer shut down again, it restarted and let me know that I had the lovely worm blaster virus.

I followed their directions and made the necessary changes and then went to Microsoft's site and downloaded the patch (Thanks Bill!!!) and restarted the computer.

All seems to be well now, but that is written with guarded optimism.

Thanks for all your help, I am a total computer idiot, but was able to work through the problem with your advice..THANKS

Zach

[SmittyFL]

This damn thing killed me today. I couldn't get any work done. Thanks to you guys, I think I fixed. This forum is good for more than shootin' stuff.

I saw this link after I fixed it. It may help. It's on the MSN web site.

http://msn.com.com/4520-6600_16-5062407.ht...ns&tag=msn_home

[Skywalker]

Just finished to deal with W32.Blast worm.

That damn beast wouldn't die, I thought I had to shoot it wit a.45 to have it lie on its back.

Finally succeded in dismissing it from my computer (and passing it through the waste).

It's incredible how fast they can spread.

In any case, the recommendations to clean up your system are pretty well summarized in Symantec's website.

BTW, I am not prone to thank uncle Bill for the weaknesses and security faults of its stuff...

[B.J. Norris]

I've just finished dueling with this thing myself. I would not tell the RPC to "Take No Action". I tried it, the system shutdown, and I could not get windows to reboot so I could get into to work on it. So I had to break out the System Recovery disk( Of course formatting part of my hard drive). Once that was done, I was able to run the Symantec tool, which told me that W32 Blaster Worm was not present on my system. I found out through trial and error that this worm likes to hangout at BE.com too, so until you get Windows patched DO NOT COME BACK TO THIS WEBSITE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! I don't know if Brian needs to run a system flush or what, but it took me twice it figure out what it was.

Off to set my computer back up again.