System Shutdown (RPC)
Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: System Shutdown (RPC)

  1. #1
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128

    System Shutdown (RPC)


    the only reason it says 152 days is because i changed the date on my machine back a few months


    i keep getting this error message whenever i play a game or use kazaa ect...and it is really getting under my skin. this thing pops up and says i have 60 seconds to log off, then my machine reboots i included a shot of a netstat i did to see if someone is doing this to me. please help this hopeless noob out =]
    -Simo

  2. #2
    I saw this on two machines today since msblast.exe worm has been coming out. See if you have c:\windows\system32\msblast.exe in that directory. If you do, go into its properties and uncheck read only and then delete it.

    It runs itself from \HKEY-Local Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    and calls itself Windows Auto Update.

    This fixed both of my clients machines machines that were having the same problem. If something else is causing it, I am not sure yet.

  3. #3
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128
    yeah it was that msblast.exe thing. i deleted it from my reg but whenver i try to delete the file from windows/system32 it keeps telling me access is denied
    -Simo

  4. #4
    Your best bet is to delete the key from the registry given above. Reboot. Find the file in explorer or my computer...right click on it. Uncheck read only. delete it

  5. #5
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128
    nope, that still wont delete it

    ok i delted it but it still pops up. my anger level slowly rises
    -Simo

  6. #6
    Member
    Join Date
    Jul 2002
    Posts
    39
    Hi!
    The solution posted by Grinler dont work 'cause is a worm and even your have luck and delete msblast.exe, your PC could be infected again. I post a solution at http://www.antionline.com/showthread...294#post652135
    Maybe it could be a efective solution.
    The most important: BLOCK TCP PORT 135!!

    See u!
    Groby

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Like everyone has mentioned msblast is the culprit, however my roommate had msconfig35.exe on his system, located in %systemroot%\system32 and it seemed to be the problem with his machine.

    I haven't seen this posted yet on here (if I'm wrong, feel free to correct me) but another option, to elminate the shutdown screen (incase it's not msblast.exe but a variant) is to go to Administrative Tools --> Services --> Remote Procedure Call (RPC) --> Recovery Tab --> Change First Failure, Second Failure and Subsequient Failures to Restart the Service, isntead of restart computer.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    I disagree with your post grobyccil on how to remove this worm. I think reinstalling because of this worm is definitely unnecessary. Granted if you were vulnerable to the worm, then you could have been hacked previously, but to reinstall just because of the worm is over kill.

    The only solution to this exploit is patch your computers so your not vulnerable. Delete the registry key. Delete the file. SImple as that.

    I think most people will not have problems removing the worm and reinstalling is way overkill.

  9. #9
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128
    i deleted the file from the reg and system32. but the mother ****er keeps coming back. im utterly hopeless

    i cant even breathe im so frustrated. i think im going to have to delete windows
    -Simo

  10. #10
    Member
    Join Date
    Jul 2002
    Posts
    39
    Maybe Grinler but there are other things aside from this worm exploding the RPC vuln and you never know if you have an backdoor or no. I think that if your system is hacked, is reasonable to begin of zero. I have seen many rootkits...
    I'm agree in patch the PC, but I am a litle paranoic man...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •