What is: REMOTE PROCEDURE CALL (RPC) terminated unexpectedly
Does anyone know what this means? My XP computer gets this pop up ads telling me about this. why is this happening can anyone help me?.
Does anyone know what this means? My XP computer gets this pop up ads telling me about this. why is this happening can anyone help me?
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
i have no idea what it is, but it is doing it on my comp too. It shuts down everything like every 10 minutes i get a pop up that says generic host process for win32 service has a problem and then the other message pops up and restarts the computer, it is really pissing me off now. someone please tell me how to fix it.
I think I figured this out. click start/control panel/administrative tools/services/remote procedure call (RPC)/recovery then for the three attempts, put 'restart the service' after I did this with mine, its stopped so far
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
go to this link and download the fix for your version of windows. there is an exploit that crashes the rpc service and causes your machine to reboot.
go to this link and download the fix for your version of windows. there is an exploit that crashes the rpc service and causes your machine to reboot.
http://support.microsoft.com/default.aspx?kbid=327148
Check your event logs for Event ID numbers?
Any particular time your computer receives this "pop up?" ... a triggering event?
Did you run an AV scan?
For those who need an explanation of what RPC does, well .... here is a brief synopsis.
An RPC service configures itself in the registry with a universally unique identifier (UUID) (similar to a globally unique identifier [GUID]). UUIDs are well-known identifiers, unique for each service and common across all platforms. When an RPC service starts, it obtains a free high port and registers that port with the UUID. Some services use random high ports; others try to use the same high ports all the time (if they are available). The port assignment is static for the lifetime of the service.
When a client wants to communicate with a particular RPC service, it cannot determine in advance which port the service is running on. It establishes a connection to the server's portmapper service (on 135) and requests the service it wants by using the service's UUID. The portmapper returns the corresponding port number to the client and closes the connection. Finally, the client makes a new connection to the server by using the port number it received from the portmapper.
Because it is impossible to know in advance which port an RPC service will use, the firewall must permit all high ports through. If your firewall permits this, there is very little reason even to have a firewall...
In the end, no matter how secure your PIX, Checkpoint, Raptor, ISA, Sonicwall, etc firewall is, you need to patch this hotfix.
Check your event logs for Event ID numbers?
Any particular time your computer receives this "pop up?" ... a triggering event?
Did you run an AV scan?
For those who need an explanation of what RPC does, well .... here is a brief synopsis.
An RPC service configures itself in the registry with a universally unique identifier (UUID) (similar to a globally unique identifier [GUID]). UUIDs are well-known identifiers, unique for each service and common across all platforms. When an RPC service starts, it obtains a free high port and registers that port with the UUID. Some services use random high ports; others try to use the same high ports all the time (if they are available). The port assignment is static for the lifetime of the service.
When a client wants to communicate with a particular RPC service, it cannot determine in advance which port the service is running on. It establishes a connection to the server's portmapper service (on 135) and requests the service it wants by using the service's UUID. The portmapper returns the corresponding port number to the client and closes the connection. Finally, the client makes a new connection to the server by using the port number it received from the portmapper.
Because it is impossible to know in advance which port an RPC service will use, the firewall must permit all high ports through. If your firewall permits this, there is very little reason even to have a firewall...
In the end, no matter how secure your PIX, Checkpoint, Raptor, ISA, Sonicwall, etc firewall is, you need to patch this hotfix.
If you are getting this warning with time limited grey box of 1 minute then shuts down then I suggest you run anti virus software.the WSBlaster worm causes this probelem but you have to get a fix here is the url for fix.
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
Also to see if it is there goto start run then type in msconfig click on setup button and if you see WS.blast.exe then it is there uncheck the box.Then goto start my computer right click that then properties than turn off system restore.Why because it is sitting in system restore and cannot be removed but if you goto fix above and then they will direct you to a patch your system will be ok. Good luck.
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
Also to see if it is there goto start run then type in msconfig click on setup button and if you see WS.blast.exe then it is there uncheck the box.Then goto start my computer right click that then properties than turn off system restore.Why because it is sitting in system restore and cannot be removed but if you goto fix above and then they will direct you to a patch your system will be ok. Good luck.
