help, rpc terminating forcing shutdown - Tilted Forum Project Discussion Community

tehblaed · 08-11-2003, 12:22 PM

recently i have been getting errors forcing a shutdown because my "remote procedure call (rpc) was terminated unexpectedly" :\ what do i do? ran adaware and virus scan, nothing.

bermuDa · 08-11-2003, 01:00 PM

maybe something to do with this?

Boot into safemode with networking and download this patch linked from this page. Reboot into normal safemode without networking and apply the patch.

I just fixed that problem myself this morning, I was getting the countdown every time I booted and was getting really pissed off. I haven't seen the message since.

Flippy · 08-11-2003, 01:27 PM

There is a worm circulating around now that exploits this. I agree, patch yourself at microsoft's site. There will be more worms in the future (the current worm has already been halted because it used a distribution site that has been taken offline).

catback · 08-11-2003, 01:46 PM

Something new everyday eh

^dude · 08-11-2003, 03:23 PM

http://microsoft.com/downloads/detai...displaylang=en download that

thecow · 08-11-2003, 03:42 PM

Same thing started happening to me today. I'll try the patch when I get home - hope it works. Is it F8 to get boot options in XP

?

I was trying to figure the problem out earlier, and I noticed a new program listed in the processes. It was called msblast.exe and was located in my windows/system32/ folder. Does anyone have any idea what this is? I have tried every search engine and came up empty. I shut it down, and it automatically restarted a few minutes later - then my comp proceed to keep crashing with the RPC failure. I was wondering if that maybe the worm exploiting the security hole.

Flippy · 08-11-2003, 04:15 PM

Yes, msblast.exe is the worm

http://us.mcafee.com/virusInfo/defau...virus_k=100547

By the way, from what I said before ... about how it only used a select few distribution sites .. apparently this is changing according to reports from some AV company workers. Noone really knows for *sure* yet though.

Pragma · 08-11-2003, 04:48 PM

As referenced above, download the RPC patch from Microsoft.

But really, you should never have had this issue, if you'd kept on top of things. Make sure you go hit WindowsUpdate.com and download all of the latest updates. Microsoft releases security patches for a reason, and it's not because they like making you download files.

thecow · 08-11-2003, 09:56 PM

Just wanted to say thanks to Bermuda, dude, and flippy. My system has now been up for 2 hours without crashing. Woohoo!!

tehblaed · 08-11-2003, 10:38 PM

My Windows Update stopped working for reasons I would not like to list

Lebell · 08-11-2003, 10:43 PM

I got nailed by this worm last night as well.

AND that was with an up-to-date virus file, but I didn't yet install the MS patch.

Oh well.

If anyone is still suffering from this little bastard, Symantic has put out this nifty REMOVAL TOOL for it.

After you follow the directions, PATCH!!!

The Rogue · 08-12-2003, 02:47 PM

Well even though you get the patch there is still a virus on your system which hackers could utilise whenever you're on the net, go to this website for instructions on how to get rid of it - http://securityresponse.symantec.com...oval.tool.html)[url]

Arc101 · 08-12-2003, 03:02 PM

Yep it got me. When it trys to shutdown go to
Start then Run and type in shutdown /a
This will stop your computer shutting down. Then do the following.

1. go to task manager and kill "msblast.exe"
2. do a search for "msblast" and delete the two files that show up.
3. Go to "Run" and type "regedit", delete the key "windows auto update" = msblast.exe " from
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4.Download the patch from "http://www.microsoft.com/technet/security/bulletin/MS03-026.asp"

5.reboot, install the patch, reboot, and enjoy.
Seems to be working so far.

macthelist · 08-12-2003, 04:38 PM

To which I'll add: many who've had problems patching or removing the worm have found that installing (even temporarily) a client-side firewall like ZoneAlarm (freely downloadable) have found they can apply the patch once ZA stops the worm from using the affected ports.

Details here: http://www.microsoft.com/technet/tre...n/ms03-026.asp

Fearless_Hyena · 08-13-2003, 03:22 PM

hfnetchk and Windows Update are your friends! (believe it or not)

keep those boxes patched!

08-11-2003, 12:22 PM	#1 (permalink)
tehblaed Insane Location: land of the merry	help, rpc terminating forcing shutdown recently i have been getting errors forcing a shutdown because my "remote procedure call (rpc) was terminated unexpectedly" :\ what do i do? ran adaware and virus scan, nothing.

08-11-2003, 01:00 PM	#2 (permalink)
bermuDa don't ignore this--> Location: CA	maybe something to do with this? Boot into safemode with networking and download this patch linked from this page. Reboot into normal safemode without networking and apply the patch. I just fixed that problem myself this morning, I was getting the countdown every time I booted and was getting really pissed off. I haven't seen the message since. __________________ I am the very model of a moderator gentleman.

08-11-2003, 04:48 PM	#8 (permalink)
Pragma I am Winter Born Location: Alexandria, VA	As referenced above, download the RPC patch from Microsoft. But really, you should never have had this issue, if you'd kept on top of things. Make sure you go hit WindowsUpdate.com and download all of the latest updates. Microsoft releases security patches for a reason, and it's not because they like making you download files. __________________ Eat antimatter, Posleen-boy!

08-11-2003, 10:43 PM	#11 (permalink)
Lebell Cracking the Whip Location: Sexymama's arms...	I got nailed by this worm last night as well. AND that was with an up-to-date virus file, but I didn't yet install the MS patch. Oh well. If anyone is still suffering from this little bastard, Symantic has put out this nifty REMOVAL TOOL for it. After you follow the directions, PATCH!!! __________________ "Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." – C. S. Lewis The ONLY sponsors we have are YOU! Please Donate!

08-12-2003, 04:38 PM	#14 (permalink)
macthelist Upright	To which I'll add: many who've had problems patching or removing the worm have found that installing (even temporarily) a client-side firewall like ZoneAlarm (freely downloadable) have found they can apply the patch once ZA stops the worm from using the affected ports. Details here: http://www.microsoft.com/technet/tre...n/ms03-026.asp __________________ It's always darkest before the dawn. So if you're going to steal your neighbor's newspaper, dawn's the time to do it.

08-11-2003, 01:27 PM	#3 (permalink)
Flippy Banned Location: Greater Vancouver	There is a worm circulating around now that exploits this. I agree, patch yourself at microsoft's site. There will be more worms in the future (the current worm has already been halted because it used a distribution site that has been taken offline).

08-11-2003, 01:46 PM	#4 (permalink)
catback Psycho Location: North America	Something new everyday eh

08-11-2003, 03:23 PM	#5 (permalink)
^dude Insane	http://microsoft.com/downloads/detai...displaylang=en download that

08-11-2003, 03:42 PM	#6 (permalink)
thecow Crazy Location: Fayetteville, AR	Same thing started happening to me today. I'll try the patch when I get home - hope it works. Is it F8 to get boot options in XP ? I was trying to figure the problem out earlier, and I noticed a new program listed in the processes. It was called msblast.exe and was located in my windows/system32/ folder. Does anyone have any idea what this is? I have tried every search engine and came up empty. I shut it down, and it automatically restarted a few minutes later - then my comp proceed to keep crashing with the RPC failure. I was wondering if that maybe the worm exploiting the security hole.

08-11-2003, 04:15 PM	#7 (permalink)
Flippy Banned Location: Greater Vancouver	Yes, msblast.exe is the worm http://us.mcafee.com/virusInfo/defau...virus_k=100547 By the way, from what I said before ... about how it only used a select few distribution sites .. apparently this is changing according to reports from some AV company workers. Noone really knows for sure yet though.

08-11-2003, 09:56 PM	#9 (permalink)
thecow Crazy Location: Fayetteville, AR	Just wanted to say thanks to Bermuda, dude, and flippy. My system has now been up for 2 hours without crashing. Woohoo!!

08-11-2003, 10:38 PM	#10 (permalink)
tehblaed Insane Location: land of the merry	My Windows Update stopped working for reasons I would not like to list

08-12-2003, 02:47 PM	#12 (permalink)
The Rogue Tilted	Well even though you get the patch there is still a virus on your system which hackers could utilise whenever you're on the net, go to this website for instructions on how to get rid of it - http://securityresponse.symantec.com...oval.tool.html)[url]

08-12-2003, 03:02 PM	#13 (permalink)
Arc101 Addict Location: Nottingham, England	Yep it got me. When it trys to shutdown go to Start then Run and type in shutdown /a This will stop your computer shutting down. Then do the following. 1. go to task manager and kill "msblast.exe" 2. do a search for "msblast" and delete the two files that show up. 3. Go to "Run" and type "regedit", delete the key "windows auto update" = msblast.exe " from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4.Download the patch from "http://www.microsoft.com/technet/security/bulletin/MS03-026.asp" 5.reboot, install the patch, reboot, and enjoy. Seems to be working so far.

08-13-2003, 03:22 PM	#15 (permalink)
Fearless_Hyena Hello, good evening, and bollocks. Location: near DC	hfnetchk and Windows Update are your friends! (believe it or not) keep those boxes patched!