I just installed Windows XP Home Edition on my computer.
After installing, the computer would be forced to restart
due to an error from the "Remote Procedure Call" service,
referencing NT Authority\System any time I connected to
the internet using my dial-up service.

Since I had an old hardware modem, I replaced it with a
new US Robotics winmodem and updated the the modem
driver. I still get the same error. It doesn't seem to
matter which browser I use or if a program connects for
an automatic update. The system is still forced to
reboot. I haven't been able to notice a pattern of on-
line requests/actions that lead to the error. Any help
would be greatly appreciated. Thanks.

Apparently, your computer is infected with the W32.Blaster.Worm or one of its variants.
This happened because you have not been using an internet connection firewall and have
neglected to install the critical updates available at the Windows Update website.

What You Should Know About the Blaster Worm and Its Variants
http://www.microsoft.com/security/incident/blast.asp

Are you looking for info about the cause of "Remote Procedure Call (RPC)",
initiated by NT Authority\System error message that shuts down Windows
(you might also see svchost.exe error occasionally)?
http://www.faqs.org/rfcs/rfc1831.html

If you have AOL:

America Online installs its own connection settings that override
the ones that come with Windows XP. America Online's
connection settings don't include a way to turn on Windows XP's
built-in firewall.

Visit the following web site for instructions on downloading
a FREE firewall program for your computer.

Ref: http://www.updatexp.com/free.html

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-------------------------------------------------------------------------

"Mark J" > wrote in message:
...

| I just installed Windows XP Home Edition on my computer.
| After installing, the computer would be forced to restart
| due to an error from the "Remote Procedure Call" service,
| referencing NT Authority\System any time I connected to
| the internet using my dial-up service.
|
| Since I had an old hardware modem, I replaced it with a
| new US Robotics winmodem and updated the the modem
| driver. I still get the same error. It doesn't seem to
| matter which browser I use or if a program connects for
| an automatic update. The system is still forced to
| reboot. I haven't been able to notice a pattern of on-
| line requests/actions that lead to the error. Any help
| would be greatly appreciated. Thanks.

You are infected with the Blaster worm virus.



To stop the rebooting/shutdowns, right click on the task bar, choose task
manager, processes tab, look for msblast.exe. Highlight it and click end
process. Then turn on the xp firewall.

To turn on the firewall: control panel, network and internet connections,
network connections, right click your connection, properties, advanced tab,
check the protect my computer box. Do this as quickly as you can once the
desktop comes up. Then visit the sites below for the removal and patch info.

Symantec: removal info and removal tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Also make sure to follow the links to the Microsoft pages for the patch or
visit windows update for the patch after you remove it.

http://support.microsoft.com/?kbid=823980

http://www.microsoft.com/security/incident/blast.asp



"Mark J" > wrote in message
...
> I just installed Windows XP Home Edition on my computer.
> After installing, the computer would be forced to restart
> due to an error from the "Remote Procedure Call" service,
> referencing NT Authority\System any time I connected to
> the internet using my dial-up service.
>
> Since I had an old hardware modem, I replaced it with a
> new US Robotics winmodem and updated the the modem
> driver. I still get the same error. It doesn't seem to
> matter which browser I use or if a program connects for
> an automatic update. The system is still forced to
> reboot. I haven't been able to notice a pattern of on-
> line requests/actions that lead to the error. Any help
> would be greatly appreciated. Thanks.

In ,
Mark J > typed:

> I just installed Windows XP Home Edition on my computer.
> After installing, the computer would be forced to restart
> due to an error from the "Remote Procedure Call" service,
> referencing NT Authority\System any time I connected to
> the internet using my dial-up service.


You have the MSBlaster worm. To remove it, do the following:

The following instructions are in three parts

1. Stop it from running

2. Remove it from your system

3. Make sure it doesn't come back



Before beginning, if you have an always-on internet connection,
it's a good idea to disconnect it.



1. Stop it from running

Press Ctrl-Alt-Delete to bring up the Task Manager, then on the
Processes tab, click msblast.exe and then "End process." Reply
"Yes" to the warning message that comes up.

This stops the worm from running, so your system will not shut
down. However, it doesn't remove it, and if that's all you do, it
will start up again the next time you boot.


***

2. Remove it from your system

a. Start the registry editor program, regedit, by going to Start
| Run, and typing REGEDIT
Navigate to HKEY_Local_Machine\Software\Microsoft\Windows\Curr ent
Version\Run by clicking the plus signs next to each of the
folders in the left hand pane. When you get to the last of them,
Run, click the word Run itself.

Find an entry called "Windows Auto Update" on the right side.
Right-click it and delete it.

b. Do a Windows search for msblast, and delete all files found.

The worm is now gone, and won't start again the next time you
boot. But if that's all you do, you can get reinfected just as
you did the first time.

***


3. Make sure it doesn't come back

a. Make sure you're running a firewall that prevents worms like
this from getting in. You can enable the built-in Windows XP
firewall, or download and install another one such as the free
version of ZoneAlarm. To enable the built-in firewall, go to
Control Panel, double-click Networking and Internet Connections,
then click Network Connections. Right-click your connection, then
click Properties, and on the Advanced tab, click the option
"Protect my computer and network..."


b. If you've disconnected your internet connection, reconnect it.
Download and install the Microsoft patch at
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe

That will remove the vulnerability that the worm exploits.


c. Be sure you are running an anti-virus program, and that you
regularly download the latest updated virus definitions.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

Greetings --

Is Service Pack 1 installed? It's a prerequisite for that hotfix.

Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"peace" > wrote in message
...
> Dear Mr. Blake:
> Would you tell me in what condition, the computer won't let the
user install WindowsXP-KB823980-x86-ENU.exe?