August 11th, 2003, 09:43 PM
System Shutdown (RPC)
the only reason it says 152 days is because i changed the date on my machine back a few months
i keep getting this error message whenever i play a game or use kazaa ect...and it is really getting under my skin. this thing pops up and says i have 60 seconds to log off, then my machine reboots i included a shot of a netstat i did to see if someone is doing this to me. please help this hopeless noob out =]
August 11th, 2003, 09:49 PM
I saw this on two machines today since msblast.exe worm has been coming out. See if you have c:\windows\system32\msblast.exe in that directory. If you do, go into its properties and uncheck read only and then delete it.
It runs itself from \HKEY-Local Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and calls itself Windows Auto Update.
This fixed both of my clients machines machines that were having the same problem. If something else is causing it, I am not sure yet.
August 11th, 2003, 10:19 PM
yeah it was that msblast.exe thing. i deleted it from my reg but whenver i try to delete the file from windows/system32 it keeps telling me access is denied
August 11th, 2003, 10:25 PM
Your best bet is to delete the key from the registry given above. Reboot. Find the file in explorer or my computer...right click on it. Uncheck read only. delete it
August 12th, 2003, 01:10 AM
nope, that still wont delete it
ok i delted it but it still pops up. my anger level slowly rises
August 12th, 2003, 02:13 AM
The solution posted by Grinler dont work 'cause is a worm and even your have luck and delete msblast.exe, your PC could be infected again. I post a solution at http://www.antionline.com/showthread...294#post652135
Maybe it could be a efective solution.
The most important: BLOCK TCP PORT 135!!
August 12th, 2003, 02:23 AM
Like everyone has mentioned msblast is the culprit, however my roommate had msconfig35.exe on his system, located in %systemroot%\system32 and it seemed to be the problem with his machine.
I haven't seen this posted yet on here (if I'm wrong, feel free to correct me) but another option, to elminate the shutdown screen (incase it's not msblast.exe but a variant) is to go to Administrative Tools --> Services --> Remote Procedure Call (RPC) --> Recovery Tab --> Change First Failure, Second Failure and Subsequient Failures to Restart the Service, isntead of restart computer.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
August 12th, 2003, 04:02 AM
I disagree with your post grobyccil on how to remove this worm. I think reinstalling because of this worm is definitely unnecessary. Granted if you were vulnerable to the worm, then you could have been hacked previously, but to reinstall just because of the worm is over kill.
The only solution to this exploit is patch your computers so your not vulnerable. Delete the registry key. Delete the file. SImple as that.
I think most people will not have problems removing the worm and reinstalling is way overkill.
August 12th, 2003, 04:22 AM
i deleted the file from the reg and system32. but the mother ****er keeps coming back. im utterly hopeless
i cant even breathe im so frustrated. i think im going to have to delete windows
August 12th, 2003, 05:00 AM
Maybe Grinler but there are other things aside from this worm exploding the RPC vuln and you never know if you have an backdoor or no. I think that if your system is hacked, is reasonable to begin of zero. I have seen many rootkits...
I'm agree in patch the PC, but I am a litle paranoic man...