New virus?

[Betty]

Has anybody had any problems with the RPC on their xp?
I've gotten an error message regarding this and my computer restarted itself.
I wouldn't think too much into it, except that two of my friends have had the exact same thing happen to them, one running xp home (came with the compaq she bought) and I'm not sure about the other. I'm running xp pro.
If I can, I'll grab a screenie of it and post it for you all to see.
It's pi$$ing me off to no end and it's only just begun.

[Betty]

Oh, can't copy/paste, which is another thing that was happening with my friends' computers....and I updated my AVG and continue to get a message saying that my database is too old, yet shows it as being updated only today. :S

[cloasters]

There aren't any new "Critical Updates" at World Domination Central. Right, like MS knows something? A pal said that his Comcast(formerly AT&T Cable) connection was gonesville today. Something about "problems with Win2K and XP" reported from Comcast.

BBBBB won't rest until your problem is fixed, have no doubt.

[Staz]

Is this what you are experiancing betty?

[Aedan]

Betty, is there a firewall between you and the internet? If not, disconnect your machine from the internet!

On another machine (IE, a safe one) follow the link that Staz provided, and download the patch. It should fit on a floppy as it's only 1.2Mb in size.

Install it! Do the same for your friends. RPC is a critical part of Windows that affects just about everything on a windows box.

The problem you've having with RPC is due to a great big wide open hole in the way that RPC works. There is at least one worm that uses the RPC hole to distribute itself, and there's countless programs that'll blow RPC up quite happily. This issue affects Windows NT/2000/XP and 2003!

[barneygumble742]

i had EXACTLY the same problem as betty yesterday. i even thought there was something wrong with xp so i formatted and installed xp, which isn't that big of a deal to me. but that kept on happening after the fresh install.

so i went to the windowsupdate.com site and downloaded ALL the critical updates and patches available. note: before i got the update and patches, i did not have ANY previous updates/patches. so i can't really tell which specific patch it is.

after doing this, i read on slashdot that its a RPC DCOM worm infecting win2k servers. also read on cnn.com that this worm was expected in mid july and affects winxp (home and pro).

after i got the updates, i have not had any problems with xp. and i started freakin' out because in my 10+ years with computers, this is the first time i got affected by a worm/virus.

hope it helps,
barneygumble742

[Daniel ~]

Hi Aedan! Is this download available on the windows update site? i.e. If I have all the updates for 2000 pro, am I reasonably protected?

[Aedan]

Yes, Windows Update includes this particular patch.

Personally, I'd rather not connect a vulnerable machine to the internet, even if it is to patch a known problem. I'd rather get the patch seperately, apply it to the machine, and then connect to the internet.

That way, you don't have to worry about wierd things happening as you're trying to patch your machine. Worst case, it could leave the machine in an unusuable state!

[Daniel ~]

Thanks and understood! How long must we wait to learn the nature of the security hole in the fix!":O}

[Betty]

Alrighty, thanks for the info.
I dropped by my friends' computer store and they're swamped with work in regards to this issue.
So many businesses and individual users here in my home town were hit. Many had firewalls or were behind a router and still got hit.

[Daniel ~]

Looks like this might be a bad one!

[Aedan]

Quote:

Originally Posted by Betty

So many businesses and individual users here in my home town were hit. Many had firewalls or were behind a router and still got hit.

Sounds like firewalls/routers might have been misconfigured to be honest. I've noticed that some firewall/router boxes will allow data back in a port if the computer behind them ever sent data out of that port. Unfortunately, there are a number of ports that should never be open to the internet for various reasons. Thanks to MS, those ports are very easy to take advantage of.

[Betty]

Quote:

Originally Posted by Staz

Is this what you are experiancing betty?

I downloaded the one for win2k for a friend (fresh install) it says that he has to have a minimum of service pack 2 installed...I tried for service pack 4, it didn't like it at the install. grr. I'm trying to get sp 1 and then work my way up, although, I doubt that will make any difference.
I also installed sygate on his machine.
The avg site seems to be working only intermittently. so, as of yet, he's got no anti-virus...I'm reluctant to install norton (I hate norton).
Any advice?

*edit* this machine is fixed...onto the next problem

[Aedan]

If a vulnerable system gets hit during the install of a service pack, it'll probably stop the install. Basically, RPC is an important part of windows, and without it very little works!

[Veky]

It's a global attack, everyone without the security patch was infected.

Symantec released a cleaning utility:

http://securityresponse.symantec.com...oval.tool.html

[funnyperson1]

if your system is shutting down and you want to temporarily stop it so you can download the patch then:

start->run
Then run cmd or command.exe in 98.
At the prompt type in shutdown -a and it should stop the shutdown process .

[Betty]

alrighty, more problems.
My friend has a compaq with the blaster worm. the worm is cleaned out, but it's still malfunctioning, I can't get the rpc started and I can't install the patch because of it. I also can't seem to install a firewall of any sort and the removal tool has consistently shown the computer free of the worm and avg shows no viruses/worms/trojans on the machine.
Can I repair this without having to run the windows xp repair....there's an admin password on the machine that wasn't put there by my friend or any family member (apparently the store she bought it from took the liberty of adding an admin password or compaq did?)

Advice please!!

[Jazz]

Betty try nothing for the password. Ive found that that is the most common compaq password.

[Daniel ~]

Remove the new password! It's my understanding that the creation of a new Admin password lies within the capabilities of the virus.

I'd try Norton's remover. If that fails, you may have to reformat and reinstall.

[Betty]

Quote:

Originally Posted by Daniel ~

Remove the new password! It's my understanding that the creation of a new Admin password lies within the capabilities of the virus.

I'd try Norton's remover. If that fails, you may have to reformat and reinstall.

Okay, when I had to stop working on her machine to go to work I had run compaq's own stupid system recovery thing and apparently the services are re-enabled, but...it's still all buggy....I'm picking the machine up to take home to fix tomorrow after work.
I'll keep you all updated and holler for help some more, I'm sure.

*side note*
I did try nothing for the password...no go. when I talked to the guy that worked at the store that sold her the pos, he was very reluctant to give advice or tell me how to run comcrap's system recovery.