Help! Computer keeps restarting!

vbimport

#1

Ok… i don’t know whats going wrong with my comp… i didin’t install anything or download anything recently… maybe except email… It was working fine all along
But today I turned on comp… and after around 2 mins(after bootup)… a popup comes up and says the Remote Procedure Call service terminated unexpectedly and computer needs restart, and a countdown timer is set 1minute, and it tells me to save all work… I can’t stop it or anything…i don’t know what’s going on… i’m using winxp pro… cpu fan is functioning fine and its not the processor overheating…

I don’t think its a virus… but if anyone hears of anything similar and its due to virus… then tell me plz…

Plz help…


#2

Did you ever mess with the services? Check them, put RPC on auto if need be. Usually an abrupt restart is due to lack of power (poor/low power supply) but since in your case you get this message first its probably something software driven. Check Microsoft MSKB you never know if others have experinced the same.


#3

No i didin’t mess with those settings…

damn here it goes again


#4

Here are the screenshots… sometimes the first error appears too… but I can just drag that aside… but a few sec later… the second error appears… most likely they’re related…

http://www.angelfire.com/sc3/skyline/error.html


#5

Did you install the RPC patch ?


#6

http://homepage.ntlworld.com/michaelgadge/shutdownproblem.htm

ok gents / ladies go to link above seems like its a big issue right now , issue posted on warp2search.
i think moderators need a seperate post for this issue. hope it helps


#7

MR B Just beat me to it !!


#8

Much thanks to all of you guys… for the patch and especially that link… I first tried patch… but couldn’t install it cause computer would restart before it could finish(LoL…) but the shutdown -a command surely worked and shutting off msblast.exe ended that story completely…
My computer now works perfectly again…


#9

I’m glad it works ok.

I’d suggest updating the signatures of your virusscanner. If you do not have a virusscanner , you can get a pretty good one for free at www.grisoft.com.

Also , check your system for this worm. It’s known to exploit the RPC vulnerability.

And keep your system updated via www.windowsupdate.com. If you do have a continous internet access , you can configure the windows update manager to constantly keep your system up to date (though i don’t really recommend using that feature since there sometimes are microsoft updates that do more harm than good).


#10

So far 5 friends of mine got hit with this. I directed each one to the website Mr. B was nice enough to provide…you da man

How did so many people get hit with this? Wholy shit!!!
One friend even has a firewall and Norton set to alert…Oy…


#11

Originally posted by xtacydima
How did so many people get hit with this? Wholy shit!!!

How should i put thise nicely ?

Ignorance is not always bliss ? :bigsmile:

Kdding aside , it’s because most people do not care. They got them computer just like they got them toasters , coffee machines and a car. You don’t check www.volkswagenupdate.com or www.toastermachineupdates.com regulary as well to check if they got new firmware upgrades for your machines :bigsmile:


#12

This happened to me today, I was so freaked out and clueless as to how it happened, my game computer had been off for more than 48 hours!

It started warning me of low diskspace too so I kept trying to delete some files, but it reset every minute so I must have restarted 20 times and then it just stopped on it’s own…though I have yet to restart it again.

BTW Belvedere is right, if you have a quality virus scanner update your defs…it helped me (right as I’m typing this!)

So is the final solution just to update virus definitions and treat it like a standard virus and/or to use the RPC patch?


#13

Originally posted by BadReligionPR
So is the final solution just to update virus definitions and treat it like a standard virus and/or to use the RPC patch?

Both of course.

If you want to know more about the exploits regarding RPC , try securityfocus.org.


#14

See… the reason I originally doubted it was a virus is because I have norton antivirus 2003, i always update every 2 weeks(and yesterday happened to be the day just before the 2 week mark) -_-’’ I also have router firewall enabled, winxp firewall enabled. DIdin’t download anything in particular, but i guess it was through email…


#15

Actually just read on here, that it doesn’t have to do with email:

http://firingsquad.gamers.com/news/newsarticle.asp?searchid=5351


#16

Boxes with RPC installed and activated are hardest hit, in particular XP boxes. Here is my log on the atttempts:

Details: Intrusion: Invalid TCP Flags
Intruder: js1.hitbox.com(64.154.81.15)
Risk Level: Medium
Source IP address: js1.hitbox.com(64.154.81.15)
Destination IP address: 202.64.12.147
TCP Source Port: http(80)
TCP Destination Port: 1201
TCP Flags invalid: 0x00000a44.

Click on the address to trace the attacker

Details: TCP non-syn/non-ack packet on invalid connection. Packet has been dropped
Source IP address: 64.246.6.121
Destination IP address: 202.64.12.147
TCP Source Port: http(80)
TCP Destination Port: 1124
TCP Message Flags: 0x00000004

A large number on logs like the above in my firewall, with so many non synchronous and non-acknolwdgeed packets from everywhere; alien resurrections! :wink:

Take care. :slight_smile:


#17

Since we brought this up, these 2 links might be useful:

Known ports list 1
Known ports list 2

Enjoy :wink:


#18

This is a worm that uses the DCOM RPC, (Distributed Component Object Model) (Remote Procedure Call), which is most likely used on TCP/IP port 135, with a good compile of it. I’m pretty such an anti-virus will pick it up and quarantine it until you can download the patch, then delete it totally.


#19

Originally posted by AudioPhile1
This is a worm that uses the DCOM RPC, (Distributed Component Object Model) (Remote Procedure Call), which is most likely used on TCP/IP port 135, with a good compile of it. I’m pretty such an anti-virus will pick it up and quarantine it until you can download the patch, then delete it totally.

My norton antivirus 2003 is always on… i update definitions every 2 weeks and autoprotect is enabled… it didin’t pick it up…


#20

Although its pretty impossible to dsable the “Remote Procedure Call” service on XP, since a long list of dependencies on this XP service is needed; it is quite adequate to disable the service called"remote procedure call locater" sevice, simple set it to “manual” or “disable” wold practically stop remote DCOM components to be potentially located and executed, which IMO is a better long-term :wink: preventive measure. take care :slight_smile: as long as you dont use some futureman distributed net-centric softs. :wink: