Problem with Remote Procedure Call Service



Nick Cellino
07-10-2005, 01:22 AM
Twice my computer has shut down unexpectantly because the "Remote
Procedure Call (RPC) Service terminated". What's happening?

Nick

Ted Zieglar
07-10-2005, 01:22 AM
Time for antivirus software. And be sure that it's always up-to-date, starts
with Windows and runs in the background at all times.
--
Ted Zieglar
"You can do it if you try."

"Nick Cellino" <remote2004.mykids@neverbox.com> wrote in message
news:OAwSE$SbFHA.1152@tk2msftngp13.phx.gbl...
> Twice my computer has shut down unexpectantly because the "Remote
> Procedure Call (RPC) Service terminated". What's happening?
>
> Nick
>

Bruce Chambers
07-10-2005, 01:22 AM
Nick Cellino wrote:
> Twice my computer has shut down unexpectantly because the "Remote
> Procedure Call (RPC) Service terminated". What's happening?
>
> Nick
>


As you haven't provided any specific details or error messages,
the following is the result of having to guess what your problem might
be.

If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger

--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

Nick Cellino
07-10-2005, 01:26 AM
Yes, the problem was the W32/Lovesan.Worm which I discovered as soon as
I scanned the HD for viruses. I do run anti-virus software with the
latest virus definition files but on that day it wasn't loaded for some
reason. As you wrote, "It only takes a few seconds of exposure". Could
the virus have disabled the anti-virus software?

Thanks for the help.

Nick

Bruce Chambers wrote:
> Nick Cellino wrote:
>
>> Twice my computer has shut down unexpectantly because the "Remote
>> Procedure Call (RPC) Service terminated". What's happening?
>>
>> Nick
>>
>
>
> As you haven't provided any specific details or error messages,
> the following is the result of having to guess what your problem might
> be.
>
> If you connected the PC to the Internet without having first
> enabled a firewall, without having first installed an antivirus
> application with current virus definition files, and before installing
> the KB828471 Hotfix, you're very likely to get infected from any of
> the thousands of PCs on the Internet that are constantly broadcasting
> the Blaster and/or Welchia worms. It only takes a few seconds of
> exposure.
>
> To stay on-line long enough to get the necessary updates, patches,
> and removal tools, click Start > Run, and enter "shutdown -a" when the
> next RPC countdown begins. This will abort the shut down. Also, make
> sure you've enabled a firewall before starting, to preclude any more
> intrusions while getting the updates/patches/tools.
>
> MS04-012 Cumulative Update for Microsoft RPC-DCOM
> http://support.microsoft.com/default.aspx?scid=kb;en-us;828741
>
> What You Should Know About the Blaster Worm
> http://www.microsoft.com/security/incident/blast.asp
>
> W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
> http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
>
> W32.Blaster.Worm Removal Tool
> http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
>
>
> W32.Welchia.Worm a.k.a. W32/Nachi.Worm
> http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
>
>
> W32.Welchia.Worm Removal Tool
> http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
>
>
> McAfee AVERT Stinger
> http://us.mcafee.com/virusInfo/default.asp?id=stinger
>


Problem with Remote Procedure Call Service