I've got a Windows XP Professional SP1 system that has started rebooting with
"The Remote Procedure Call (RPC) service terminated unexpectedly". It isn't
happening often, but it is a recurring problem. I know this is the classic
symptom of the Blaster worm, however Symantec Anti-Virus 8.1 with virus defs
dated 9/15/2003 says the machine is CLEAN. This system has never been infected
with ANYTHING. I'm very good about quickly installing security (and other)
patches, and the system gets an automatic virus scan every week just to be
sure.

Here's the thing that has me worried: The first crash occured just a few hours
after I installed the KB824146 and KB824105 fixes. I'm afraid Microsoft may
have released these patches without sufficient testing. Any [MSFT] people care
to comment?

--John

John;
Try a System Restore to before the issue started.

As for releasing patches without sufficient testing, I have no
information about.
However the threat for that particular patch is very real.
Especially now that the source code for the vulnerability is available
to the public.
It is only a matter of time (possibly a few days at the most) before
someone exploits it.
Microsoft is under pressure to get a safe reliable patch available
quickly.
Time is the one commodity that is in short supply for the testing
process.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://dts-l.org/index.html


"John McNamee" > wrote in message
...
> I've got a Windows XP Professional SP1 system that has started
rebooting with
> "The Remote Procedure Call (RPC) service terminated unexpectedly".
It isn't
> happening often, but it is a recurring problem. I know this is the
classic
> symptom of the Blaster worm, however Symantec Anti-Virus 8.1 with
virus defs
> dated 9/15/2003 says the machine is CLEAN. This system has never
been infected
> with ANYTHING. I'm very good about quickly installing security (and
other)
> patches, and the system gets an automatic virus scan every week just
to be
> sure.
>
> Here's the thing that has me worried: The first crash occured just
a few hours
> after I installed the KB824146 and KB824105 fixes. I'm afraid
Microsoft may
> have released these patches without sufficient testing. Any [MSFT]
people care
> to comment?
>
> --John
>

Are you running a firewall? Jym



"John McNamee" > wrote in message
...
> I've got a Windows XP Professional SP1 system that has started rebooting
with
> "The Remote Procedure Call (RPC) service terminated unexpectedly". It
isn't
> happening often, but it is a recurring problem. I know this is the
classic
> symptom of the Blaster worm, however Symantec Anti-Virus 8.1 with virus
defs
> dated 9/15/2003 says the machine is CLEAN. This system has never been
infected
> with ANYTHING. I'm very good about quickly installing security (and
other)
> patches, and the system gets an automatic virus scan every week just to be
> sure.
>
> Here's the thing that has me worried: The first crash occured just a few
hours
> after I installed the KB824146 and KB824105 fixes. I'm afraid Microsoft
may
> have released these patches without sufficient testing. Any [MSFT] people
care
> to comment?
>
> --John
>

The system is behind a corporate firewall. It isn't exposed to the Internet,
but the corporate net is large, and thus suffers from security issues of it's
own. A "personal firewall" that blocked the NETBIOS ports wouldn't work for
me, since I use those services on a daily basis. The system is locked down at
the NTFS and share level (e.g. "EVERYONE" group has no write access), but that
doesn't help with buggy OS components.


"Jym" > wrote:

>Are you running a firewall? Jym

This is exactly what would happen if you have an effective anti-virus
program running in the background to stop the msblast.exe
download/install, yet your system is still unpatched and vulnerable to
the RPC buffer overflow exploit.

--
Kent W. England, Microsoft MVP for Windows



"John McNamee" > wrote in message
...
> I've got a Windows XP Professional SP1 system that has started
rebooting with
> "The Remote Procedure Call (RPC) service terminated unexpectedly". It
isn't
> happening often, but it is a recurring problem. I know this is the
classic
> symptom of the Blaster worm, however Symantec Anti-Virus 8.1 with
virus defs
> dated 9/15/2003 says the machine is CLEAN. This system has never been
infected
> with ANYTHING. I'm very good about quickly installing security (and
other)
> patches, and the system gets an automatic virus scan every week just
to be
> sure.
>
> Here's the thing that has me worried: The first crash occured just a
few hours
> after I installed the KB824146 and KB824105 fixes. I'm afraid
Microsoft may
> have released these patches without sufficient testing. Any [MSFT]
people care
> to comment?
>
> --John
>

Hi,

Run this script and download the newest patch, which you will be prompted to
do if it isn't already installed.
http://www.kellys-korner-xp.com/regs_edits/msblast.vbs

More information here:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc

--
All the Best,
Kelly

MS-MVP Win98/XP
[AE-Windows® XP]

Troubleshooting Windows XP
http://www.kellys-korner-xp.com

Top 10 Frequently Asked Questions and Answers
http://www.kellys-korner-xp.com/top10faqs.htm


"Kent W. England [MVP]" > wrote in message
...
> This is exactly what would happen if you have an effective anti-virus
> program running in the background to stop the msblast.exe
> download/install, yet your system is still unpatched and vulnerable to
> the RPC buffer overflow exploit.
>
> --
> Kent W. England, Microsoft MVP for Windows
>
>
>
> "John McNamee" > wrote in message
> ...
> > I've got a Windows XP Professional SP1 system that has started
> rebooting with
> > "The Remote Procedure Call (RPC) service terminated unexpectedly". It
> isn't
> > happening often, but it is a recurring problem. I know this is the
> classic
> > symptom of the Blaster worm, however Symantec Anti-Virus 8.1 with
> virus defs
> > dated 9/15/2003 says the machine is CLEAN. This system has never been
> infected
> > with ANYTHING. I'm very good about quickly installing security (and
> other)
> > patches, and the system gets an automatic virus scan every week just
> to be
> > sure.
> >
> > Here's the thing that has me worried: The first crash occured just a
> few hours
> > after I installed the KB824146 and KB824105 fixes. I'm afraid
> Microsoft may
> > have released these patches without sufficient testing. Any [MSFT]
> people care
> > to comment?
> >
> > --John
> >
>