Remote Procedure Call reseting, DIE DIE DIE.. WTF help

A friend and I are being anally raped by RPC resets today. All of the sudden NT Authority/System in XP commands a restart cause of RPC failure.

I read a bit about this and it’s someone tinkering with port 135. I installed a firewall and it is happening… and RPC doesn’t reset when that happens. So firewall good… though with firewall active my computer doesn’t seem to run as good.

Anyhow, anyone else getting this bullshit today?

I read about the thing here I believe:

http://securityresponse.symantec.com/avcenter/security/Content/8205.html

What XP patch should I get? Confused about 64 and 32-bit… I have XP Service Pack 1, but not sure which file I should get.

Help me!@#)%s!

There are other ports you should firewall as well. You can “probe” your PC at:
http://grc.com/

32-bit – 64-bit is for Itaniums

Trying calling MS today, too. You’ll get a busy signal.

Same thing happened to me. Tried Windows Update but couldn’t figure out which specific patch I wanted, and I didn’t have time to download them all (since it restarted after a couple of minutes.
Then went this route.

By the way, is this likely the reason why most of the internet is dead to me?

http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Someone else from elsewhere was having this exact problem today, here’s what I sent 'em.

Huh. I was having this problem earlier today, too. I just went to MS, downloaded the 28(!) critical updates, and have been fine since. Of course, it rebooted a couple of dozen times during this procedure, but Windows Update always picked up right where it dropped off. When they all downloaded, I just unplugged the ethernet cable while they installed. Rebooted and downloaded the rest of the updates DX9.0b, VIA drivers, etc.

Here’s your problem:

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547

This thing has been apparently spreading like the plague in the last 24 hours. Huzzah!

It’s also a virus that installs something on your computer - so you should probably follow the links to remove the thing so you don’t infect more people.

If you’re having problems installing it because you keep getting pegged with rebooting turn on ICF (internet connection firewall) or go into services and change the RPC service to “Do nothing” instead of rebooting when it encounters an error. Either one will allow you enough time to install the Windows Update (it’s one of the critical ones - you don’t have to go searching for it).

This happened to my friend this past Friday night. He asked me what was going on with his computer and I had him download all the Windows patches (always a good idea to check at least ONCE every month.) Then I set him up with a personal firewall.

Problem solved.

Make sure your friend removes the MSBlast.exe from his computer as well

Yeesh, kids, the patch to close this vulnerability was issued back in July.

Windows Update is a Good Thing to Run. At least weekly, if you don’t have automatic updates enabled. (And I’d guess most gamers don’t.)

One of my co-workers told me today that his WinXP machine at home keeps restarting every couple of minutes…

is it because of this virus? I am suspecting that he hasn’t patched his WinXP in ages…

It’s probably this problem.

What all does that grc link do? Just port scans? I am having trouble getting to it. Are there other sites like it?

I’d like to test my comp behind a little 4 port SMC barricade, and Zone Alarm. I am especially curious to see how much protection each piece gives on its own.

olaf

From what I hear it’s pretty nasty. I was at Best Buy last night getting my sound card looked at and the techie there told me they’d been getting massive numbers of calls all day from people with what they were calling the “Restart virus,” since one of the symptoms appears to be the computer restarting every 5 minutes or so.

Here’s an updated Norton fix link:
Symantec Security Response - W32.Blaster.Worm <Symantec Security Center;

Here’s the order of things we’re giving to infected users here today. Your mileage may vary, naturally.

  1. Disconnect from internet
  2. Get Stinger (from clean machine) at vil.nai.com/vil/stinger
  3. Install Stinger (XP ONLY - disable system restore using instructions
    on Stinger web site)
  4. Run Stinger. Delete files that it finds (being careful, of course)
    4a. For XP machines - re-enable system restore
  5. Connect to internet
  6. Run Windows update
  7. Install VirusScan
  8. Manually run VirusScan update to get 4284 drivers
  1. Disconnect from internet
  2. Get Stinger (from clean machine) at vil.nai.com/vil/stinger

You might want to change that order though. :P

I’m curious about that GRC port probe site…does it really accurately reflect your system’s security or does it just reflect that “You have ZoneAlarm, and ZoneAlarm is The Greatest! Send money for the full version now!”?

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

Poops “Your friendly, neighborhood Microsoft Technical Router” McGee