RPC is shutting down the system in 15 min.
Today we have recievd TONS of calls with this problem. Does anybody else is experiencing this? is there any solutions to this problems? non of my computers at work or at home have this problem, but a Large number of our customers are having this problem.
Today we have recievd TONS of calls with this problem. Does anybody else is experiencing this?
is there any solutions to this problems?
non of my computers at work or at home have this problem, but a Large number of our customers are having this problem. they mostly run Winxp Home and some have Kazaa installed and some don't.
any suggestions/ information will be appreciated.
Edit: Exact same problem, but this time it says "NT Athority" is shutting down your system in **:** min (and there is a count down in all cases).
is there any solutions to this problems?
non of my computers at work or at home have this problem, but a Large number of our customers are having this problem. they mostly run Winxp Home and some have Kazaa installed and some don't.
any suggestions/ information will be appreciated.
Edit: Exact same problem, but this time it says "NT Athority" is shutting down your system in **:** min (and there is a count down in all cases).
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Someone finally released a worm that exploits the RPC vulnerability announced in July. Everyone was warned that this would happen and it did.
SARC's writeup:
http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html
The good news it's really easy to clean.
I've cleaned about six machines today... someone was using it to remotely shut down computers from elsewhere on the net. They were popping up a box that told them it was going to shut them down in 1 minute... then actually counted the seconds down until it did so.
SARC's writeup:
http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html
The good news it's really easy to clean.
I've cleaned about six machines today... someone was using it to remotely shut down computers from elsewhere on the net. They were popping up a box that told them it was going to shut them down in 1 minute... then actually counted the seconds down until it did so.
Patch all your NT-based systems, quickly, before you help to spread the worm...
Please!
Edit: Here's the TechNet writeup on the patches, etc.
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
Please!
Edit: Here's the TechNet writeup on the patches, etc.
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
The level 4 alert is probably based partially on the percentage of vulnerable systems, approximate percentage of patched systems, rate of attack/spread, etc.
With the quantity of attacks in the past 24+ hours, a level 4 seems about right.
With the quantity of attacks in the past 24+ hours, a level 4 seems about right.
http://www.cert.org/advisories/CA-2003-20.html
Here's the authority on this
Good read on how to avoid and clean
Here's the authority on this
Good read on how to avoid and clean
Note that you could possbily diable the "Remote Procedure Call(Locator)" service on your XP pro/home box as it is usually not required in most situations. This service usually log on as "NT AUTHORITY\NetworkService" which might be the one account for the intrusion of those culprits. I have this service set to "manual" which practically disable it on boot up.
Quote:Note that you could possbily diable the "Remote Procedure Call(Locator)" service on your XP pro/home box as it is usually not required in most situations. This service usually log on as "NT AUTHORITY\NetworkService" which might be the one account for the intrusion of those culprits. I have this service set to "manual" which practically disable it on boot up.
I have always heard that windows needs this service to function properly and that you shouldn't disable it.
I have always heard that windows needs this service to function properly and that you shouldn't disable it.
The RPC Locator service is not the same as the RPC service. To my knowledge, the WS32.Blast worm uses a vulnerability in the RPC service, not RPC locator.
It's a fairly easy worm to defeat, partly because if you're patched, you're not vulnerable, but also because it's a badly written program, and crashes more often than not...
Rgds
AndyF
It's a fairly easy worm to defeat, partly because if you're patched, you're not vulnerable, but also because it's a badly written program, and crashes more often than not...
Rgds
AndyF
Thanks for all the replies
we had two disaster falling on us back to back.
Mon we discovered the worm that we saw first about two weeks ago. (it seemed to go away for some time, that's why we didn't bother with it). 8)
Mon afternoon to Tue evening we were flooded with phone calls about the worm. ;(
Wed mornig we could remove the first of them but our firewall got hit with about 50000000 requests per second and our internet connection died! just because of that one computer.
Thu we had the major blackout, and we couldn't operate on Fri because of that. and today (SAT) we had to fix 60+ systems that came in for service (95% hit by the worm). ;(
i turned on MY computer and there was a crap load of virus on my computer. i have no idea where they came from.
;(
I evantually had to formatted it (i have backup of my files !!!!).
you could see what a nice week i had!
Have a good weekend everyone (what's left of it anyways).
we had two disaster falling on us back to back.
Mon we discovered the worm that we saw first about two weeks ago. (it seemed to go away for some time, that's why we didn't bother with it). 8)
Mon afternoon to Tue evening we were flooded with phone calls about the worm. ;(
Wed mornig we could remove the first of them but our firewall got hit with about 50000000 requests per second and our internet connection died! just because of that one computer.
Thu we had the major blackout, and we couldn't operate on Fri because of that. and today (SAT) we had to fix 60+ systems that came in for service (95% hit by the worm). ;(
i turned on MY computer and there was a crap load of virus on my computer. i have no idea where they came from.
;(
I evantually had to formatted it (i have backup of my files !!!!).
you could see what a nice week i had!
Have a good weekend everyone (what's left of it anyways).
I had a strange event with this just this morning at work. I was surfing the web all of the sudden a white screen popped up and in the middle was the message that my machine was going to shut down in one minute. It had a countdown timer.
The strange thing is my machine has windows ME installed. I thought it was not attacking ME or 98.
How ever I quickly did the three finger salute and shut the program down with no ill effect and no reocurrance of the event.
I dont think it was a pop up ad because I was at 4wheel parts web site at the time. ;(
Has any one else seen this?
The strange thing is my machine has windows ME installed. I thought it was not attacking ME or 98.
How ever I quickly did the three finger salute and shut the program down with no ill effect and no reocurrance of the event.
I dont think it was a pop up ad because I was at 4wheel parts web site at the time. ;(
Has any one else seen this?
