 |
|
You are not logged in! F.A.Q Log in Register |
 |
|
 |
 Now online (1)big ...and 400 guests Last 5 registered Oplandisks nothingstar N_loop yipe foxtrotromeo Browse members... |
 |
Members 8025Messages 2614125 Today 4 Topics 127542 |
|
|||||||||
| |||||||||
|
|
I keep getting a system shutdown error, it's turning my PC off as soon as I get on, it gives me a minute arrghh!!! BRB with more info |
||||||||
|
|
|||||||||
| |||||||||
|
|
It says Windows must now restart because the Remote Procedure Call service terminated unexpectedly This shutdown was initiated by the NT AUTHORITY\SYSTEM Help!!!! |
||||||||
|
|
|||||||||
| |||||||||
|
|
Godfuckingdammit, it's doing it every time without fail now... I have no idea what's going on... but if anyone does, I'll suck your toes for a week if you help me! *disapears again* |
||||||||
|
|
|||||||||
| |||||||||
|
|
That sounds alot like it would have been achieved through a trojan horse. but that would just be speculation on my part. |
||||||||
|
|
|||||||||
| |||||||||
|
|
my toes you say? well it's a tempting offer, there's no doubt about that but i'm too busy eating and watching tv. sorry. |
||||||||
|
|
|||||||||
| |||||||||
|
|
temp fix.. in your control panel, go to administrative tools then to components services. then under the folder on the left you will see something that says Services ( local ) then on the right hand side scroll down to the "remote procedure call" highlight it right click and go to properties, then you can choose what happens when your rpc has a problem. it is automatically set to reboot in 30 seconds or something, but u can set it to do nothing or to run a program or a command line . are you running any p2p file sharing pgms? do a virus scan as soon as you are operational.. |
||||||||
|
|
|||||||||
| |||||||||
|
|
http://securityresponse.symantec.com/avcenter/security/Cont ent/8205.html hmm.. |
||||||||
|
|
|||||||||
| |||||||||
|
|
*bumps |
||||||||
|
|
|||||||||
| |||||||||
|
|
same problem? |
||||||||
|
|
|||||||||
| |||||||||
|
|
you've probably got a trojan worm. the same shit happened to my comp almost a year ago. get norton anti-virus and clean that shit up. Or, look for a file like this: "SOFUNNY.EXE" or "msdos34" actually i'm not completely sure on the msdos one - i know it starts with msdos because it's disguised as a system file, but it isn't. it definitely ends with a two-digit number. |
||||||||
|
|
|||||||||
| |||||||||
|
|
Cheers for responding guys - especially pomme. I managed to keep it on long enough to nuke it with Norton thanks to that temp fix. Did it just before the missus tried to format the drive, phew!!! |
||||||||
|
|
|||||||||
| |||||||||
|
|
Fuck, this is happening to me now. I already scanned it with McAfee, but it said it found nothing... |
||||||||
|
|
|||||||||
| |||||||||
|
|
i am so sleepy. please slaughter me. says: omg i am so sleepy. please slaughter me. says: help kaleb! i am so sleepy. please slaughter me. says: do you know what this means "generic hot process for win32 services has encountered a problem and needs to close" i am so sleepy. please slaughter me. says: and it keeps popping up, then shutting down my comp automactically... |
||||||||
|
|
|||||||||
| |||||||||
|
|
i went to check an email while my brother was making himself a sandwhich. I saw he had this in his MSN message box and i thought i'd post it here. I'll tell him i did and maybe this can be fixed? |
||||||||
|
|
|||||||||
| |||||||||
|
|
http://housecall.trendmicro.com/ go here and get a scan online.. alot of times this thing will pick up stuff other pgms miss.. |
||||||||
|
|
|||||||||
| |||||||||
|
|
argh, i get the same thing!!! 10 se xleft shit1 |
||||||||
|
|
|||||||||
| |||||||||
|
|
Fuck, what is it with this thing? Actually I haven't killed it, it's still going on... I've turned off the reset thing but it's still there... I ran the online virus check and it turned out clean, but it's there man. If anyone figures out how to really fuck this thing up and destroy it's testicles, post it puuulease. |
||||||||
|
|
|||||||||
| |||||||||
|
|
Generic Host Process for Win32 Services? What the fuck is that? szAppName : svchost.exe szAppVer : 5.1.2600.0 szModName : unknown szModVer : 0.0.0.0 offset : 00000000 |
||||||||
|
|
|||||||||
| |||||||||
|
|
Thanks alex. And thanks pomme. It seemed to work i guess but maybe not permenantly according to Jar's last post. Hmmm When i talk to sylvia later i'll see if things are fixed for good. There has to be a solution out there! |
||||||||
|
|
|||||||||
| |||||||||
|
|
For me it all started with tftp.exe trying to connect to the internet. I blocked and all hell broke loose getting hte same as Jar. Restarted and allowed it then msblast,exe tried to connect. Same problem. I searched for the files and msblast.exe was made today. |
||||||||
|
|
|||||||||
| |||||||||
|
|
Holy SHIT, I went through the EXACT same thing today, drove me to near tears. I unchecked ''allow remote help'' and ''automatic updates'', and it's fine now. I can't believe we had the same problem. Cosmic... I thought God hated me and me alone. |
||||||||
|
|
|||||||||
| |||||||||
|
|
I took the LITTLE time I had to burn a CD full of important files incase I was fucked... hehe, tense moments. My burner trying to outrun my system crash. Man. Had to wipe sweat from my brow. |
||||||||
|
|
|||||||||
| |||||||||
|
|
The house call scan turned up something with "worm" in the title, and cleaned it. Everything seems okay right now, but we'll see. Either way, thanks, Pomme. |
||||||||
|
|
|||||||||
| |||||||||
|
|
Discovered on August 11, 2003, Worm/Lovsan.A, attempts to use the RPC Buffer Overrun vulnerability (a security hole) within un-patched Microsoft Windows NT, Windows 2000, Windows XP and Microsoft Windows server(TM) 2003 operating systems. This Internet worm does not afDiscovered on August 11, 2003, Worm/Lovsan.A, attempts to use the RPC Buffer Overrun vulnerability (a security hole) within un-patched Microsoft Windows NT, Windows 2000, Windows XP and Microsoft Windows server(TM) 2003 operating systems. This Internet worm does not affect Linux, Unix and Apple users.fect Linux, Unix and Apple users. |
||||||||
|
|
|||||||||
| |||||||||
|
|
Worm/Lovsan.A will download and run the file msblast.exe using the Trivial File Transfer Protocol (Tftp). |
||||||||
|
|
|||||||||
| |||||||||
|
|
That was it, I believe. |
||||||||
|
|
|||||||||
| |||||||||
|
|
Press Release Source: Central Command, Inc. Internet Virus Alert: Central Command Warns Of New RPC Computer Worm Named Worm/Lovsan.A Monday August 11, 7:00 pm ET New Internet worm exploiting the known RPC Buffer Overrun vulnerability gains momentum http://biz.yahoo.com/prnews/030811/nym178_1.html |
||||||||
|
|
|||||||||
| |||||||||
|
|
[giginger] Just checked my firewall. It's going mental. SVCHOST.EXE SVCHOST.EXE modem-2653.bear.dialup.pol.co.uk 11 [giginger] Allow activity for application 72 Inbound TCP [giginger] That's where it's sending info and receiving it from. [giginger] Created a new firewall rule to stop anything at that address. let's see if that works |
||||||||
|
|
|||||||||
| |||||||||
|
|
This appears to be a new security issue for the loveable ol' Microsoft. Get the patch here asap: and all will be well. (Only needed for systems running Windows NT 4.0 Server Windows NT 4.0 Terminal Server Edition Windows 2000 Windows XP 32 bit Edition Windows XP 64 bit Edition Windows Server 2003 32 bit Edition Windows Server 2003 64 bit Edition) Who'd have thought that WinME would have a benefit, eh? |
||||||||
|
|
|||||||||
| |||||||||
|
|
thats the only thing winMe has going for it. It never seems to have these strange security holes. Proly because no one wants to fuck up computers running winME because they feel sorry for people who use it. that and winME is plenty fucked up without any outside help. |
||||||||
|
|
|||||||||
| |||||||||
|
|
indeed. :( |
||||||||
|
|
|||||||||
| |||||||||
|
|
fuckin hell....here we go again.... |
||||||||
|
|
|||||||||
| |||||||||
|
|
I've never gotten windows' security patches, and my computer has never been killed by any such thing. And just get symantec ghost, do a clean install with all your needed programs and then make a ghost image. Now I just have to install one things rather than 5 million things. |
||||||||
|
|
|||||||||
| |||||||||
|
|
bump |
||||||||
|
|
|||||||||
| |||||||||
|
|
again, i would recommend that you download the on a remote computer (requres 7 free floppys), and boot with it. Don't know if it will fix it, but i have seen it deal with worse problems. If it still fucks up, try the Windows XP rebiuld-thingy on the Windows XP boot cd |
||||||||
|
|
|||||||||
| |||||||||
|
|
This is on the intranet in work : Hi all, To assist our customers currently experiencing problems with the PC rebooting due to the W32.Blaster.worm, please use the following email template to send them information regarding the Microsoft patch to resolve the problem. To send the email carry out the following. Goto the general email section relevent to your product support. Click Blank email template. Cut and paste the details below into the email and send to the customer. Thanks John ........................................................... ............................................. Ntl:home customers may currently be experiencing problems with their PC arising from a possible Windows vulnerability. The virus/worm in question which exploits this vulnerability is called W32.Blaster.Worm and it affects the following versions of windows:- Microsoft IIS, Windows 2000, Windows NT, Windows XP. In order to prevent your machine from repeatedly rebooting please visit the following link:- http://www.microsoft.com/technet/treeview/?url=/technet/sec urity/bulletin/MS03-026.asp Choose the link, which matches your operating system (Windows XP users should in most cases select the link entitled "Windows XP 32 bit Edition"). On the following page Click the "Download" link on the right. A dialogue box will appear in which you should select the "Run this program from its current location" option, and then click 'OK'. Follow the instructions clicking 'Next' where appropriate. Restart your machine when requested to do so by the patch. You should now find that your PC and connection are restored to a working state. Prior to downloading this patch, ntl:home advise that you ensure your firewall and antivirus software is running at all times If you continue to experience problems of the same nature, please call the Technical Support Bureau on your relevant support number. Regards, ntl: Support Team Technical Support Bureau |
||||||||
|
|
|||||||||
| |||||||||
|
|
i have downloaded AVG and am scanning my other pc as we speak -- still hasn't found anything. |
||||||||
|
|
|||||||||
| |||||||||
|
|
thanks everybody for posting the link for the patch! glad to know i'm not the only one to end up with this horrific beast -- atleast this means there's a solution! |
||||||||
|
|
|||||||||
| |||||||||
|
|
There is always a solution, though it sometimes = reinstalling. Hope it works out. |
||||||||
|
|
|||||||||
| |||||||||
|
|
every call I've had today has been about this. I've been here 20 mins and that's all that I've heard "my pc keeps restarting !!!" It's gonna be a hell of a day =o\ |
||||||||
|
|
|||||||||
| |||||||||
|
|
Thanks people. Hopefully I'll be getting this sorted. You should link them to this board pOgO :D |
||||||||
|
|
|||||||||
| |||||||||
|
|
another thing to to do is to disconnect from the internet, enable a firewall then reconnect. This should resolve it enough for you to download the patch as it seems to be going for open ports |
||||||||
|
|
|||||||||
| |||||||||
|
|
I d/led the patch this morning - did I do the right thing? :/ |
||||||||
|
|
|||||||||
| |||||||||
|
|
eep dunno we'll see when we get home, we can always download it again There's 100 call queueing atm and they're ALL about this stupid fugging thing bet it's on the news tonight |
||||||||
|
|
|||||||||
| |||||||||
|
|
Actually, it should be fine as long as we keep the firewall running sygate's doing my head in a bit, but I know xp's own is blocking the w32 so I may give that a go |
||||||||
|
|
|||||||||
| |||||||||
|
|
getting some info in form microsoft in a sec (hopefully =os) will keep you updated try pressing F10 if your still getting the restart error, it may cancle the restart |
||||||||
|
|
|||||||||
| |||||||||
|
|
uuummm.... okay it looks like the virus is changing cause the calls that seem to be coming in now are having errors when trying to enable XP's firewall Yavo : what time are you finishing? I'm finishing @ 4, if you get home before me, don't do anything till I get there |
||||||||
|
|
|||||||||
| |||||||||
|
|
Later than 4, more like 6 I think deleting the msblast.exe is a good idea for a start |
||||||||
|
|
|||||||||
| |||||||||
|
|
I don;t think it actulayy stays on the pc, it's more like a DOS attack that just goes for open ports |
||||||||
|
|
|||||||||
| |||||||||
|
|
my ISP got the virus yesterday evening and because of that i had no internet access until 9am this morning. update your scan engines, folks! blah! w32/blaster |
||||||||
|
|
|||||||||
|
Messageboard index
|
|||||||||
