TOPIC: Hhheeelllpp RPC Problem :(

Hhheeelllpp RPC Problem :( 13 years 4 weeks ago #1718

Hi Sahirh, help me out. Sometimes, well almost every time I connect to the internet through my dial-up connection, I get an RPC popup, and sometimes I don't even get a popup and my system reboots in 30 sec. Can you tell me what the problem is and what I can do to fix it?
Note: I have two ISPs and this happens with both of them, and I am running Win XP Pro on my sys.

thanks
deathmatrix :( :?: :?:
mess with the best and die like the rest

Re: Hhheeelllpp RPC Problem :( 13 years 4 weeks ago #1721

  • sahirh
Oops Deathmatrix, I'm afraid it sounds like you've been infected by W32/Msblast, otherwise known as msblaster, lovesan etc etc. It's a worm that spreads through a security hole in the Windows Remote Procedure Call Service.

However patching things will be a little difficult for you since you can't get online to download the patch, so we'll just do this the manual way.

First off, start task manager (ctrl+shift+esc) and check for msblast.exe; if it's there, kill the process. Then go to %winroot%\system32 (where %winroot% is your windows directory), find the file and delete it.

Now open regedit (by clicking start >> run >> type regedit) and go to this key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

There should be a value like this in the right pane :
"windows auto update"="msblast.exe"
Delete that sucker.

Reboot.

We shoulda got rid of it.

I recommend you get yourself a personal firewall like ZoneAlarm (www.zonelabs.com), or if you already have a firewall, block out ports 135, 137 and 139. This might break your local LAN if you don't do it on the correct interface, so just check on what you're doing.

Even if you didn't find this file, you could have been infected by any number of variants of the worm. I recommend you fire up your antivirus scanner (it would appear you're not running one, or your definitions are horribly out of date, you bad bad boy!)

It is also feasible that someone manually exploited your machine, which is why the virus scanner didn't pick up a signature. The RPC DCOM exploit is available everywhere. I don't think this is likely though as your machine is displaying classic blaster symptoms.
Btw clean up all machines on your local LAN, they've all got it by now :)

I don't know if you'll be able to view these pages before a reboot but here they are anyway for extra info :
www.zdnet.com.au/newstech/security/story...8600,20277131,00.htm
www.ravantivirus.com/virus/showvirus.php?v=196

As a permanent solution to viruses you might consider switching to this wonderful new product 'Microsoft Linux', available as a free download from www.redhat.com.

hehe don't take the last paragraph too seriously.

Linux: Telling Microsoft "where to go today" since 1991
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
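
The registry check described in the post above, as an added example that is not part of the original thread: a Python script that scans a regedit export of the Run key for values that launch msblast.exe. The sample export is constructed, and the function names are hypothetical.

```python
import re

# Indicators from the post above: the worm's file name and the Run key it uses.
SUSPECT_IMAGES = {"msblast.exe"}
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"

# Constructed sample of a regedit export (.reg text); not from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"windows auto update"="msblast.exe"
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" -min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"constructed variant"="C:\\WINDOWS\\system32\\msblast.exe"
'''

# "name"="data" string values; .reg text escapes quotes and backslashes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(text):
    return re.sub(r"\\(.)", r"\1", text)

def image_name(command):
    """Lower-cased executable file name from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        exe = command.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower()

def find_suspect_run_entries(reg_text):
    """Return (key, value name, data) for Run values launching a suspect image."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.lower().endswith(RUN_KEY_SUFFIX):
            m = _VALUE_RE.match(line)
            if m and image_name(_unescape(m.group(2))) in SUSPECT_IMAGES:
                hits.append((key, _unescape(m.group(1)), _unescape(m.group(2))))
    return hits

if __name__ == "__main__":
    for key, name, data in find_suspect_run_entries(SAMPLE_EXPORT):
        print(f"{key}: {name!r} -> {data!r}")
```

Regedit's "Version 5.00" exports are UTF-16, so decode the file before passing its text to `find_suspect_run_entries`.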

Re: Hhheeelllpp RPC Problem :( 13 years 4 weeks ago #1736

  • tfs
OUCH !!!

Some people just can't resist taking a potshot at MS. :roll:
Thanks,

Tom

Re: Hhheeelllpp RPC Problem :( 13 years 3 weeks ago #1742

  • sahirh
Haha would I ever miss a chance... though I've gotta admit, after I murdered my RH9 box today I'm laughing on the other side of my face (how do you do that exactly) :roll:

Lol, you and I spend wayyy too much time staring at these dark blue, grey and green pages....
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com

Re: Hhheeelllpp RPC Problem :( 13 years 3 weeks ago #1759

  • tfs
Yeah, I saw that (about your RH9 machine) in your email, but I wasn't going to say anything.

Much too classy for that !!! 8)
Thanks,

Tom