Re: Ad-Aware and Windows Remote Procedure Call (RPC)
From: Toby Zidle (tobyz7_at_comcast.net)
Date: 09/18/04
- Next message: Ray: "Re: Keyboard langauge changed - not as simple as you think"
- Previous message: Edw. Peach: "Internet links from email and MS Word open two windows"
- In reply to: Bruce Chambers: "Re: Ad-Aware and Windows Remote Procedure Call (RPC)"
- Next in thread: Bruce Chambers: "Re: Ad-Aware and Windows Remote Procedure Call (RPC)"
- Reply: Bruce Chambers: "Re: Ad-Aware and Windows Remote Procedure Call (RPC)"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 18 Sep 2004 13:15:42 -0400
Bruce, there is a firewall via my router. I use an active virus checker
with definitions updated daily. All my incoming/outgoing e-mail is scanned
for viruses. I downloaded and ran "Stinger" (one of your links), which
found no sign of Blaster/Sasser worms.
Staying online long enough to get patches, removal tools, etc., was never an
issue. The ONLY thing that triggered a RPC shutdown was trying to run
Ad-Aware.
I thought the "Start> Run> shutdown -a" (from you and also from Brian) was
an interesting approach. It worked and allowed Ad-Aware to scan to
completion. However, it caused even more severe problems, which I'm about
to describe in a reply to Brian.
Toby
"Bruce Chambers" <bruce_a_chambers@h0tmail.com> wrote in message
news:%23D$bNbZnEHA.3464@tk2msftngp13.phx.gbl...
> Toby Zidle wrote:
> > My recently downloaded Ad-Aware repeatedly triggers a computer shut
> > down.
> >
> > The error message is "Shutdown is initiated by NT AUTHORITY\SYSTEM"
> > because "the Remote Call Procedure (RPC) service terminated
> > unexpectedly".
> >
> > I have tried debugging this from Ad-Aware forums. It is evidently a
> > fairly common fault which no one (least of all the software
> > developer) has a handle on. A common suggestion is the
> > Blaster.Worm.
> > I downloaded 'Stinger' from McAfee, specifically written to be a
> > Blaster removal tool. Stinger did not find Blaster on my system.
> >
> > Now it's time to ask from the Windows support side, are there any
> > ideas on how to fix this problem? What are 'RPC' and 'NT
> > AUTHORITY'?
> >
> > Toby
>
>
> If you connected the PC to the Internet without having first
> enabled a firewall, without having first installed an antivirus
> application with current virus definition files, and before installing
> the KB828471 Hotfix, you're very likely to get infected from any of
> the thousands of PCs on the Internet that are constantly broadcasting
> the Blaster and/or Welchia worms. It only takes a few seconds of
> exposure.
>
> To stay on-line long enough to get the necessary updates, patches,
> and removal tools, click Start > Run, and enter "shutdown -a" when the
> next RPC countdown begins. This will abort the shut down. Also, make
> sure you've enabled a firewall before starting, to preclude any more
> intrusions while getting the updates/patches/tools.
>
> MS04-012 Cumulative Update for Microsoft RPC-DCOM
> http://support.microsoft.com/default.aspx?scid=kb;en-us;828741
>
> What You Should Know About the Blaster Worm
> http://www.microsoft.com/security/incident/blast.asp
>
> W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
> http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
>
> W32.Blaster.Worm Removal Tool
>
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
>
> W32.Welchia.Worm a.k.a. W32/Nachi.Worm
>
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
>
> W32.Welchia.Worm Removal Tool
>
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
>
> McAfee AVERT Stinger
> http://us.mcafee.com/virusInfo/default.asp?id=stinger
>
> --
>
> Bruce Chambers
>
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> You can have peace. Or you can have freedom. Don't ever count on
> having
> both at once. - RAH
>
>
>
- Next message: Ray: "Re: Keyboard langauge changed - not as simple as you think"
- Previous message: Edw. Peach: "Internet links from email and MS Word open two windows"
- In reply to: Bruce Chambers: "Re: Ad-Aware and Windows Remote Procedure Call (RPC)"
- Next in thread: Bruce Chambers: "Re: Ad-Aware and Windows Remote Procedure Call (RPC)"
- Reply: Bruce Chambers: "Re: Ad-Aware and Windows Remote Procedure Call (RPC)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
