Hi Sahirh, help me out. Sometimes, well, almost every time I connect to the internet through my dial-up connection I get an RPC popup, and sometimes I don't even get a popup and my system reboots in 30 sec. Can you tell me what the problem is and what I can do to fix it?
Note: I have two ISPs and this happens with both of them, and I am running Win XP Pro on my system.
deathmatrix :?: :?:
mess with the best and die like the rest
Re: Hhheeelllpp RPC Problem :(
15 years 2 months ago #1721
Oops Deathmatrix, I'm afraid it sounds like you've been infected by W32/Msblast, otherwise known as msblaster, lovesan etc. etc. It's a worm that spreads through a security hole in the Windows Remote Procedure Call Service.
However patching things will be a little difficult for you since you can't get online to download the patch, so we'll just do this the manual way.
First off, start Task Manager (Ctrl+Shift+Esc) and check for msblast.exe. If it's there, kill the process. Then go to %winroot%\system32 (where %winroot% is your Windows directory), find the file and delete it.
Now open regedit (by clicking Start >> Run >> type regedit) and go to this key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
There should be a value like this in the right pane : "windows auto update"="msblast.exe"
Delete that sucker.
We shoulda got rid of it.
I recommend you get yourself a personal firewall like ZoneAlarm, or if you already have a firewall, block out ports 135, 137 and 139. This might break your local LAN if you don't do it on the correct interface, so just check on what you're doing.
Even if you didn't find this file you could have been infected by any number of variants of the worm. I recommend you fire up your antivirus scanner (it would appear you're not running one or your definitions are horribly out of date, you bad bad boy!)
It is also feasible that someone manually exploited your machine, which is why the virus scanner didn't pick up a signature. The RPC DCOM exploit is available everywhere. I don't think this is likely though as your machine is displaying classic blaster symptoms.
Btw, clean up all machines on your local LAN, they've all got it by now.
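
The manual cleanup steps from the reply above, collected into one batch script as an added example that is not part of the original post. It assumes Windows XP Professional (where `tasklist`, `taskkill` and `reg` are available), an administrator account, and uses `%SystemRoot%` for the Windows directory that the post calls `%winroot%`.

```batch
@echo off
rem Added example: checks for and removes the three msblast.exe traces
rem named in the reply (running process, file in system32, Run value).
rem Assumption: run from an administrator command prompt on Windows XP Pro.
setlocal
set "WORM=msblast.exe"
set "WORMPATH=%SystemRoot%\system32\%WORM%"
set "RUNKEY=HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
set "RUNVAL=windows auto update"

rem Step 1: kill the process if it is running.
tasklist /fi "imagename eq %WORM%" 2>nul | find /i "%WORM%" >nul
if not errorlevel 1 (
    echo [+] %WORM% is running, terminating it
    taskkill /f /im %WORM%
) else (
    echo [-] %WORM% is not running
)

rem Step 2: delete the file from system32, clearing attributes first
rem in case it is marked read-only, system or hidden.
if exist "%WORMPATH%" (
    echo [+] Found %WORMPATH%, deleting it
    attrib -r -s -h "%WORMPATH%"
    del /f "%WORMPATH%"
) else (
    echo [-] %WORMPATH% not found
)

rem Step 3: remove the autostart value, but only when its data really
rem points at msblast.exe, so an unrelated value is left alone.
reg query "%RUNKEY%" /v "%RUNVAL%" 2>nul | find /i "%WORM%" >nul
if not errorlevel 1 (
    echo [+] Run value "%RUNVAL%" points at %WORM%, deleting it
    reg delete "%RUNKEY%" /v "%RUNVAL%" /f
) else (
    echo [-] No Run value "%RUNVAL%" pointing at %WORM%
)

echo Done. Follow up with a full antivirus scan, since variants use other names.
endlocal
```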