Remote Procedure Call

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

New user of XP today. First time and each time since,
checking email with XP-I got error message...from NT
AUTHORITY SYSTEM (?) something about Remote Procedure
Call. When I did a search on Microsoft with Remote
Procedure Call, Wormblaster virus showed up under one of
the articles. I did a virus scan update and scan and my
report was clean. Anyone know what either NT AUTHO. SYS.
is or Remote Proc. Call?? and waht I should do about it??

Thanks
2 answers Last reply
More about remote procedure call
  1. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    Congratulations!


    Your system is infected with the much publicized Sasser worm. You have
    allowed
    yourself to become infected because of ALL of the following;


    1. You have not updated your version of Windows.

    2. You are not using an UP TO DATE antivirus program.

    3. You connected to the internet without a firewall on your computer.

    Until you correct ALL of the above situations, you will remain vulnerable to
    infection not only by SASSER, but also by the thousands of other worms,
    viruses, trojans, keyloggers, spyware, malware, etc.

    Because you do not practice even the most basic level of computer security,
    you are not only a threat to yourself but to the entire internet community.
    When your machine is infected, it looks for other machines, owned by persons
    like yourself who have poor computer security practices, to infect.

    First, disconnect from the network.


    When the shutdown message appears, go START > Run and type in "shutdown -a"
    (without the quotes), and hit the enter key.

    Download the Windows critical update and the SASSER removal tool.here are
    the

    links..


    Security Update:


    http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en


    and the SASSER removal Tool:


    http://www.microsoft.com/downloads/details.aspx?FamilyID=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en


    After rebooting, go to the website of the company that makes your antivirus
    program and download all the updates that are available. If your antivirus
    has expired, you must
    purchase a new one.
    Third, go to www.zonealarm.com and download the FREE firewall.
    Keep your version of Windows updated. Always install any critical patches
    that are posted to the Microsoft update website.

    Keep you antivirus program up to date. New virus detection signatures are
    released nearly on a daily basis, so this is something you should do every
    day. Not once a month, or "when I have time", or "when I remember".

    Once you have done these things, you will find your internet experience to
    be much safer and happier.


    Bobby


    "baker" <anonymous@discussions.microsoft.com> wrote in message
    news:2145601c45a51$3e486840$a401280a@phx.gbl...
    > New user of XP today. First time and each time since,
    > checking email with XP-I got error message...from NT
    > AUTHORITY SYSTEM (?) something about Remote Procedure
    > Call. When I did a search on Microsoft with Remote
    > Procedure Call, Wormblaster virus showed up under one of
    > the articles. I did a virus scan update and scan and my
    > report was clean. Anyone know what either NT AUTHO. SYS.
    > is or Remote Proc. Call?? and waht I should do about it??
    >
    > Thanks
  2. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    Not sasser, but blaster. However, the method to stop the shutdown is the
    same.

    Information:

    http://www.kellys-korner-xp.com/xp_qr.htm#rpc
    http://www.pchell.com/virus/msblast.shtml
    http://vil.nai.com/vil/content/v_100499.htm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
    http://www.bigblackglasses.com/Article.aspx?Article=342

    You need the patch described here to protect against it:

    MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
    Programs
    http://support.microsoft.com/?kbid=824146

    Problem is, you needed to install the patch BEFORE you got infected to avoid
    it.

    --
    Best of Luck,

    Rick Rogers, aka "Nutcase" - Microsoft MVP
    http://mvp.support.microsoft.com/
    Associate Expert - WindowsXP Expert Zone
    www.microsoft.com/windowsxp/expertzone
    Windows help - www.rickrogers.org

    "NoNoBadDog!" <mysocks_bjsledge_AT_pixi.com> wrote in message
    news:eIheFclWEHA.4064@TK2MSFTNGP11.phx.gbl...
    > Congratulations!
    >
    >
    >
    > Your system is infected with the much publicized Sasser worm. You have
    > allowed
    > yourself to become infected because of ALL of the following;
    >
    >
    > 1. You have not updated your version of Windows.
    >
    > 2. You are not using an UP TO DATE antivirus program.
    >
    > 3. You connected to the internet without a firewall on your computer.
    >
    > Until you correct ALL of the above situations, you will remain vulnerable
    to
    > infection not only by SASSER, but also by the thousands of other worms,
    > viruses, trojans, keyloggers, spyware, malware, etc.
    >
    > Because you do not practice even the most basic level of computer
    security,
    > you are not only a threat to yourself but to the entire internet
    community.
    > When your machine is infected, it looks for other machines, owned by
    persons
    > like yourself who have poor computer security practices, to infect.
    >
    > First, disconnect from the network.
    >
    >
    > When the shutdown message appears, go START > Run and type in
    "shutdown -a"
    > (without the quotes), and hit the enter key.
    >
    > Download the Windows critical update and the SASSER removal tool.here are
    > the
    >
    > links..
    >
    >
    >
    > Security Update:
    >
    >
    >
    >
    http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en
    >
    >
    >
    >
    >
    > and the SASSER removal Tool:
    >
    >
    >
    >
    http://www.microsoft.com/downloads/details.aspx?FamilyID=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en
    >
    >
    > After rebooting, go to the website of the company that makes your
    antivirus
    > program and download all the updates that are available. If your
    antivirus
    > has expired, you must
    > purchase a new one.
    > Third, go to www.zonealarm.com and download the FREE firewall.
    > Keep your version of Windows updated. Always install any critical patches
    > that are posted to the Microsoft update website.
    >
    > Keep you antivirus program up to date. New virus detection signatures are
    > released nearly on a daily basis, so this is something you should do every
    > day. Not once a month, or "when I have time", or "when I remember".
    >
    > Once you have done these things, you will find your internet experience to
    > be much safer and happier.
    >
    >
    > Bobby
    >
    >
    >
    >
    >
    >
    >
    > "baker" <anonymous@discussions.microsoft.com> wrote in message
    > news:2145601c45a51$3e486840$a401280a@phx.gbl...
    > > New user of XP today. First time and each time since,
    > > checking email with XP-I got error message...from NT
    > > AUTHORITY SYSTEM (?) something about Remote Procedure
    > > Call. When I did a search on Microsoft with Remote
    > > Procedure Call, Wormblaster virus showed up under one of
    > > the articles. I did a virus scan update and scan and my
    > > report was clean. Anyone know what either NT AUTHO. SYS.
    > > is or Remote Proc. Call?? and waht I should do about it??
    > >
    > > Thanks
    >
    >
Ask a new question

Read More

Microsoft Windows XP