calling Remote Procedure Call and Shutting down system automatically
Results 1 to 9 of 9

Thread: calling Remote Procedure Call and Shutting down system automatically

  1. #1
    Junior Member
    Join Date
    May 2004
    Posts
    8

    Question calling Remote Procedure Call and Shutting down system automatically

    whenever i'm using internet through window's XP through dail-up connection, it connects the server but after one minute a massage flashed "Window NT Authorization calling Remote Procedure Call and a timer starts to shut down the system) with in 30 seconds the autoshudown process starts.

    but whenver i used internet through LAN it works properly .

  2. #2
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    Sounds like blaster.... Hit ctrl alt del and see if the process msblaster.exe is running.

  3. #3
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992
    Rmove Blaster with this,

    http://securityresponse.symantec.com...oval.tool.html

    Then update your XP, use AV and use a firewall when on internet.

    Greetz
    Come and check out our wargame-site @ http://www.rootcontest.org
    We chat @ irc.smdc-network.org #lobby

  4. #4
    Member
    Join Date
    Oct 2002
    Posts
    56
    go here

    Get the no reboot hack. All it is is a bat file that aborts any attempt to shut your computer down. Get the removal tools and patches for both the blaster and the sasser worm off of that page and you'll be good.

    note: while the noboot.bat is running you won't be able to shut your computer down if you need to restart after running the patches or removal tools so make sure to close it
    -gunder
    So much to learn, so little time.

  5. #5
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Yeah, the reboot hack is basically opening a command prompt and typing 'shutdown -a 9999' or something similar. The two conflict, and your machine doesn't shut down. This should give you enough time to hit Windows Update and get the fixes...

    Also, the problem is that this is an exploit that's abused through an RPC hole in lsass.exe (if my sources are correct, there's so many out there!). Not a virus, but a hole. Reason it probably bailed on your LAN is because it couldn't be reached (good thing).
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  6. #6
    Banned
    Join Date
    Nov 2003
    Posts
    182
    Vorlin ... Now there's a name I haven't seen in quite some time. How are you buddy?

    -Quad

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Originally posted here by SexyBadGirl
    Vorlin ... Now there's a name I haven't seen in quite some time. How are you buddy?

    -Quad
    Haha, nice..good to see another name that I haven't seen in a while! Not too bad, actually, just putzing around, doing more postgresql/php than I've ever imagined. You?
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  8. #8
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    control panel---->administrative tools---->services.
    scroll down to the first RPC (authorities) entry, right click and select properties. Select the recovery tab and for the first, second and third failures select restart the service instead of restart the computer. That will allow you to remain online long enough to download the removal tool for blaster (msblast.exe) or sasser (avserv2.exe), whichever happens to have infected your system.
    Al
    It isn't paranoia when you KNOW they're out to get you...

  9. #9
    Junior Member
    Join Date
    May 2004
    Posts
    1
    eyy... bro...thats no virus...its a winXp bug..try this...go to RUN type SERVICES.MSC look for REMOTE PROCEDURE CALL (RPC) then right click goto PRoperties then goto Revovery
    then in 1st Failure choose "Take No Action", 2nd Failure chooose "Take No Action" and
    3rd Failure chooose "Take No Action",...

    mabuhay...
    mang juan
    \"pag lingkuran ang sambayanan...\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides