Motherdoyou
08-11-2003, 03:56 PM
NTAuthority\system HELP
My system keeps shuting down called RPC Remote Procedure Call
PLease Help
My system keeps shuting down called RPC Remote Procedure Call
PLease Help
View Full Version : NTAuthority\system HELP
myrkat
08-11-2003, 04:09 PM
I am unclear what you mean: is your machine BEING shut down BY rpc or is your machine shutting down the rpc service?
-myrkat
PS: I am assuming you are running NT4.0sp6a?
-myrkat
PS: I am assuming you are running NT4.0sp6a?
Motherdoyou
08-11-2003, 04:48 PM
Im running xo pro
shutdown is being initiated by nt authority/system
RPC terminiated unexpectedley
Im doing this between shutdowns. at my offoce
shutdown is being initiated by nt authority/system
RPC terminiated unexpectedley
Im doing this between shutdowns. at my offoce
nite
08-11-2003, 09:21 PM
its happening to me too, just when i start to play a game is usually when it happens, it brings up and unclosable window and says you have 60 seconds to save your work before shutdown, 59,58,57... and then it shutsdown, anyone have a solution for this?
Usually happens when i try to play Rise of Nations or Counter-strike, havnt tried to play anything else.
BTW im running XP Home on a p4
Usually happens when i try to play Rise of Nations or Counter-strike, havnt tried to play anything else.
BTW im running XP Home on a p4
bsmith
08-11-2003, 10:17 PM
Go get the Updates at MS it's an RPC exploit. go here http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
Kasteo
08-11-2003, 10:17 PM
You might wanna check this out....
RPC Vulnerability, Exploited
Tonight another round of internet shutdowns has resulted in worried and confused users of Windows 2000/XP and Windows Server 2003.
Please remember to patch your system and check to make sure your firewall is blocking any kind of attack to any of your systems.
W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability(described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run a file, msblast.exe.
User's should block access to TCP port 4444 at the firewall level. User's should also block the following ports, if they do not use applicaitons listed:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
http://www.neowin.net/comments.php?id=13295&category=main
RPC Vulnerability, Exploited
Tonight another round of internet shutdowns has resulted in worried and confused users of Windows 2000/XP and Windows Server 2003.
Please remember to patch your system and check to make sure your firewall is blocking any kind of attack to any of your systems.
W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability(described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run a file, msblast.exe.
User's should block access to TCP port 4444 at the firewall level. User's should also block the following ports, if they do not use applicaitons listed:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
http://www.neowin.net/comments.php?id=13295&category=main
myrkat
08-12-2003, 01:04 AM
Doh, that was my next guess... an intruder.
If you are online, you need a firewall. Period.
-myrkat
If you are online, you need a firewall. Period.
-myrkat
steve_416
08-12-2003, 11:14 AM
You did not patch your version of Windows. Why not? ALWAYS PATCH. PATCHING IS GOOD.
You are infected with a worm. Find another computer to read this message on, so you can remove it from your infected computer.
Step 1: Unplug your computer from the Internet. Right now, as we speak, your computer is sending that worm out to any computer it can find, trying to infect them. Protect your friends. Unplug it from the network.
Step 1 and a half: If you open up a command window (Start -> Run -> type "cmd" and hit Enter), and type "shutdown /a", that is rumored to successfully abort the shutdown. The shutdown might be initiated again later, because this worm sucks, but that should give you extra time to perform the rest of these steps.
Step 2: Go here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
That is Symantec's website (the makers of Norton Antivirus). They have written a tool that will remove the worm from your computer. Put it on a disk from a clean machine, and use the disk to run it on your infected machine.
Step 2 and a half: DO NOT PLUG THE INFECTED MACHINE INTO THE INTERNET YET. You are still vulnerable to being infected again.
Step 3: Go here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
Thats Microsoft's website. You can download the patch as a separate executable, instead of running Windows Update. A little more annoying, but that means you can put it on a disk from a clean machine, and run it on the infected machine, without plugging the infected machine into the Internet.
Step 3 and a half: Reboot. When you install a patch, it doesn't do any good until you reboot.
Step 4: Your previously-infected machine should now be both cured, and innoculated against future infection by the worm. It should be safe to plug the computer back into the Internet.
Step 5: PATCH. RUN WINDOWS UPDATE OFTEN. Run it as soon as you're clean, to see what other patches you don't yet have. Then, you should run it about once a week after that. Make it part of your routine. Every Monday morning, when you don't feel like starting work yet, run Windows Update. It'll give you a few extra minutes of day-dream time.
You are infected with a worm. Find another computer to read this message on, so you can remove it from your infected computer.
Step 1: Unplug your computer from the Internet. Right now, as we speak, your computer is sending that worm out to any computer it can find, trying to infect them. Protect your friends. Unplug it from the network.
Step 1 and a half: If you open up a command window (Start -> Run -> type "cmd" and hit Enter), and type "shutdown /a", that is rumored to successfully abort the shutdown. The shutdown might be initiated again later, because this worm sucks, but that should give you extra time to perform the rest of these steps.
Step 2: Go here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
That is Symantec's website (the makers of Norton Antivirus). They have written a tool that will remove the worm from your computer. Put it on a disk from a clean machine, and use the disk to run it on your infected machine.
Step 2 and a half: DO NOT PLUG THE INFECTED MACHINE INTO THE INTERNET YET. You are still vulnerable to being infected again.
Step 3: Go here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
Thats Microsoft's website. You can download the patch as a separate executable, instead of running Windows Update. A little more annoying, but that means you can put it on a disk from a clean machine, and run it on the infected machine, without plugging the infected machine into the Internet.
Step 3 and a half: Reboot. When you install a patch, it doesn't do any good until you reboot.
Step 4: Your previously-infected machine should now be both cured, and innoculated against future infection by the worm. It should be safe to plug the computer back into the Internet.
Step 5: PATCH. RUN WINDOWS UPDATE OFTEN. Run it as soon as you're clean, to see what other patches you don't yet have. Then, you should run it about once a week after that. Make it part of your routine. Every Monday morning, when you don't feel like starting work yet, run Windows Update. It'll give you a few extra minutes of day-dream time.
steve_416
08-12-2003, 11:18 AM
As an addition to the above steps: it is also rumored that the first thing the worm does, on any infected machine, is look for Norton Antivirus, McAfee, and other popular anti-virus software, and kills them.
So, even people who have Norton Antivirus should download Norton's separate utility, and use that to remove the worm.
Though, this is all damage control, for people who should have patched, and does not mean you don't have to patch. The writer of the worm might, as we speak, be writing version 2.0 of the worm, that will look for Norton's new utility, and kill that as well.
Of course, Norton will come around with a new utility that kills both version 1.0 and 2.0 of the worm, without being killed by 2.0, but thats when 3.0 comes along...
Or, you can install a simple patch from Microsoft, and even version 39457239.0 of the worm won't be able to touch you.
PATCH!!!
So, even people who have Norton Antivirus should download Norton's separate utility, and use that to remove the worm.
Though, this is all damage control, for people who should have patched, and does not mean you don't have to patch. The writer of the worm might, as we speak, be writing version 2.0 of the worm, that will look for Norton's new utility, and kill that as well.
Of course, Norton will come around with a new utility that kills both version 1.0 and 2.0 of the worm, without being killed by 2.0, but thats when 3.0 comes along...
Or, you can install a simple patch from Microsoft, and even version 39457239.0 of the worm won't be able to touch you.
PATCH!!!
Loki047
08-12-2003, 12:11 PM
Another way to do it without patching would be to run services.msc and than change the response to a svchost failure or something to "take no action" instead of "reboot" you have to go down to RPC something or anohter.... I dont trsut their patches.... BOOO MICROSOFT
bsmith
08-12-2003, 12:40 PM
Originally posted by Loki047
Another way to do it without patching would be to run services.msc and than change the response to a svchost failure or something to "take no action" instead of "reboot" you have to go down to RPC something or anohter.... I dont trsut their patches.... BOOO MICROSOFT
Well if you were hit the first time that means you
A: don't run patches
B: Have no firewall (assuming standalone machine)
C: have no clue about security
in any of the cases above you can still get much worse things happening to you. Changing the recovery settings only hides the problem, it does NOTHING to remedy it. It's like closing your eyes and thinking you're invisible. Just run the patch and get a damn firewall in place. Any firewall.
Another way to do it without patching would be to run services.msc and than change the response to a svchost failure or something to "take no action" instead of "reboot" you have to go down to RPC something or anohter.... I dont trsut their patches.... BOOO MICROSOFT
Well if you were hit the first time that means you
A: don't run patches
B: Have no firewall (assuming standalone machine)
C: have no clue about security
in any of the cases above you can still get much worse things happening to you. Changing the recovery settings only hides the problem, it does NOTHING to remedy it. It's like closing your eyes and thinking you're invisible. Just run the patch and get a damn firewall in place. Any firewall.
steve_416
08-12-2003, 12:40 PM
Originally posted by Loki047
Another way to do it without patching would be to run services.msc and than change the response to a svchost failure or something to "take no action" instead of "reboot" you have to go down to RPC something or anohter.... I dont trsut their patches.... BOOO MICROSOFT
Thats like putting a band-aid on a bullet wound. It blocks one effect of the worm. It doesn't change the fact that the worm now has complete control of your system (and if the worm is smart, it can undo the change you suggest).
If you do not patch, anyone on the Internet, absolutely anyone, can completely take over your computer, and do whatever they want with it. Use it to attack other computers, pop up messages saying "you suck", change your password so you can't log in, crash the computer so there's no possible way to prevent a reboot, or even format your hard drive.
Every time you enter your credit card number, your passwords, download pornography from the Internet, anything, someone could be watching everything you're doing.
Don't be silly. Install the patch.
Another way to do it without patching would be to run services.msc and than change the response to a svchost failure or something to "take no action" instead of "reboot" you have to go down to RPC something or anohter.... I dont trsut their patches.... BOOO MICROSOFT
Thats like putting a band-aid on a bullet wound. It blocks one effect of the worm. It doesn't change the fact that the worm now has complete control of your system (and if the worm is smart, it can undo the change you suggest).
If you do not patch, anyone on the Internet, absolutely anyone, can completely take over your computer, and do whatever they want with it. Use it to attack other computers, pop up messages saying "you suck", change your password so you can't log in, crash the computer so there's no possible way to prevent a reboot, or even format your hard drive.
Every time you enter your credit card number, your passwords, download pornography from the Internet, anything, someone could be watching everything you're doing.
Don't be silly. Install the patch.
bsmith
08-12-2003, 12:41 PM
Heh Steve_416 beat me to it. :smash:
ZeroCool
08-12-2003, 12:42 PM
I never patch my system... I love to be a test bed for a new worm.
:smash: :stupid:
:smash: :stupid:
Loki047
08-12-2003, 01:21 PM
Alright guys i was joking, calm down, i thought that was obvious.... Everyone should do the patch and run the worm fix from Symantec...
But at least someone called it out so no one followed it. :)
But at least someone called it out so no one followed it. :)
bsmith
08-12-2003, 01:33 PM
Ok man withought the smilies It was hard to tell. Besides I have former clients that actualy thought that way.
vBulletin® v3.6.5, Copyright ©2000-2009, Jelsoft Enterprises Ltd.