Sign in with
Sign up | Sign in
Your question

Remote Procedure Call

Last response: in Windows XP
Share
June 24, 2004 10:10:45 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

New user of XP today. First time and each time since,
checking email with XP-I got error message...from NT
AUTHORITY SYSTEM (?) something about Remote Procedure
Call. When I did a search on Microsoft with Remote
Procedure Call, Wormblaster virus showed up under one of
the articles. I did a virus scan update and scan and my
report was clean. Anyone know what either NT AUTHO. SYS.
is or Remote Proc. Call?? and waht I should do about it??

Thanks

More about : remote procedure call

Anonymous
June 24, 2004 10:10:46 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Congratulations!



Your system is infected with the much publicized Sasser worm. You have
allowed
yourself to become infected because of ALL of the following;


1. You have not updated your version of Windows.

2. You are not using an UP TO DATE antivirus program.

3. You connected to the internet without a firewall on your computer.

Until you correct ALL of the above situations, you will remain vulnerable to
infection not only by SASSER, but also by the thousands of other worms,
viruses, trojans, keyloggers, spyware, malware, etc.

Because you do not practice even the most basic level of computer security,
you are not only a threat to yourself but to the entire internet community.
When your machine is infected, it looks for other machines, owned by persons
like yourself who have poor computer security practices, to infect.

First, disconnect from the network.


When the shutdown message appears, go START > Run and type in "shutdown -a"
(without the quotes), and hit the enter key.

Download the Windows critical update and the SASSER removal tool.here are
the

links..



Security Update:



http://www.microsoft.com/downloads/details.aspx?FamilyI...





and the SASSER removal Tool:



http://www.microsoft.com/downloads/details.aspx?FamilyI...


After rebooting, go to the website of the company that makes your antivirus
program and download all the updates that are available. If your antivirus
has expired, you must
purchase a new one.
Third, go to www.zonealarm.com and download the FREE firewall.
Keep your version of Windows updated. Always install any critical patches
that are posted to the Microsoft update website.

Keep you antivirus program up to date. New virus detection signatures are
released nearly on a daily basis, so this is something you should do every
day. Not once a month, or "when I have time", or "when I remember".

Once you have done these things, you will find your internet experience to
be much safer and happier.


Bobby







"baker" <anonymous@discussions.microsoft.com> wrote in message
news:2145601c45a51$3e486840$a401280a@phx.gbl...
> New user of XP today. First time and each time since,
> checking email with XP-I got error message...from NT
> AUTHORITY SYSTEM (?) something about Remote Procedure
> Call. When I did a search on Microsoft with Remote
> Procedure Call, Wormblaster virus showed up under one of
> the articles. I did a virus scan update and scan and my
> report was clean. Anyone know what either NT AUTHO. SYS.
> is or Remote Proc. Call?? and waht I should do about it??
>
> Thanks
Anonymous
June 25, 2004 10:51:18 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Not sasser, but blaster. However, the method to stop the shutdown is the
same.

Information:

http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://www.pchell.com/virus/msblast.shtml
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster....
http://www.bigblackglasses.com/Article.aspx?Article=342

You need the patch described here to protect against it:

MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146

Problem is, you needed to install the patch BEFORE you got infected to avoid
it.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"NoNoBadDog!" <mysocks_bjsledge_AT_pixi.com> wrote in message
news:eIheFclWEHA.4064@TK2MSFTNGP11.phx.gbl...
> Congratulations!
>
>
>
> Your system is infected with the much publicized Sasser worm. You have
> allowed
> yourself to become infected because of ALL of the following;
>
>
> 1. You have not updated your version of Windows.
>
> 2. You are not using an UP TO DATE antivirus program.
>
> 3. You connected to the internet without a firewall on your computer.
>
> Until you correct ALL of the above situations, you will remain vulnerable
to
> infection not only by SASSER, but also by the thousands of other worms,
> viruses, trojans, keyloggers, spyware, malware, etc.
>
> Because you do not practice even the most basic level of computer
security,
> you are not only a threat to yourself but to the entire internet
community.
> When your machine is infected, it looks for other machines, owned by
persons
> like yourself who have poor computer security practices, to infect.
>
> First, disconnect from the network.
>
>
> When the shutdown message appears, go START > Run and type in
"shutdown -a"
> (without the quotes), and hit the enter key.
>
> Download the Windows critical update and the SASSER removal tool.here are
> the
>
> links..
>
>
>
> Security Update:
>
>
>
>
http://www.microsoft.com/downloads/details.aspx?FamilyI...
>
>
>
>
>
> and the SASSER removal Tool:
>
>
>
>
http://www.microsoft.com/downloads/details.aspx?FamilyI...
>
>
> After rebooting, go to the website of the company that makes your
antivirus
> program and download all the updates that are available. If your
antivirus
> has expired, you must
> purchase a new one.
> Third, go to www.zonealarm.com and download the FREE firewall.
> Keep your version of Windows updated. Always install any critical patches
> that are posted to the Microsoft update website.
>
> Keep you antivirus program up to date. New virus detection signatures are
> released nearly on a daily basis, so this is something you should do every
> day. Not once a month, or "when I have time", or "when I remember".
>
> Once you have done these things, you will find your internet experience to
> be much safer and happier.
>
>
> Bobby
>
>
>
>
>
>
>
> "baker" <anonymous@discussions.microsoft.com> wrote in message
> news:2145601c45a51$3e486840$a401280a@phx.gbl...
> > New user of XP today. First time and each time since,
> > checking email with XP-I got error message...from NT
> > AUTHORITY SYSTEM (?) something about Remote Procedure
> > Call. When I did a search on Microsoft with Remote
> > Procedure Call, Wormblaster virus showed up under one of
> > the articles. I did a virus scan update and scan and my
> > report was clean. Anyone know what either NT AUTHO. SYS.
> > is or Remote Proc. Call?? and waht I should do about it??
> >
> > Thanks
>
>
!