Hello, I am trying to help afriend with his new computer.
He just got Internet service and gets a remote procedure
call shutdown message and his computer restarts. Can
anyone help me? Please?

Justin;
DISCONNECT the subject computer from any network IMMEDIATELY.
VERY IMPORTANT to repair, closing ports is NOT enough.
Download the patch from the Windows Catalog.
http://support.microsoft.com/?kbid=323166
You want: 823980
You may need to do this at an uninfected computer and burn to CD or
save on floppy.

This is the IMPORTANT fix by Ron Martell:
http://www.bigblackglasses.com/Article.aspx?Article=342

After this is resolved prevent similar occurrences by installing ALL
Critical Updates from Windows Update.
Keep antivirus up to date and run at least weekly.
Install or enable a firewall.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://dts-l.org/index.html


"Justin Piatt" > wrote in message
...
> Hello, I am trying to help afriend with his new computer.
> He just got Internet service and gets a remote procedure
> call shutdown message and his computer restarts. Can
> anyone help me? Please?

This is a symptom of the RPC/DCOM exploit as described in Microsoft
security bulletin MS03-026. Go to
http://www.microsoft.com/security/security_bulletins/ms03-026.asp to
read about this vulnerability.

You need to download the Windows critical update patch 823980 and enable
or install a personal firewall to block TCP and UDP ports 135, 139, and
445. The built-in XP firewall will block these ports by default.

Once you download what you need, disconnect from the network, install
your patch, install your firewall and clean the worm from your system.
For msblast.exe removal instructions, read
http://www.bigblackglasses.com/Article.aspx?Article=342.

Once you are sure your system is clean, you can reconnect to the
Internet. It is very important to address this quickly and to disconnect
as soon as possible. Your system is very vulnerable to further exploits
while the worm is present and you do not want your system involved in
the massive denial-of-service attacks that are coming in the next few
days from the masses of compromised systems.

Download, disconnect, patch, firewall, and clean. Then inspect. When
sure, reconnect.

--
Kent W. England, Microsoft MVP for Windows



"Justin Piatt" > wrote in
message ...

> Hello, I am trying to help afriend with his new computer.
> He just got Internet service and gets a remote procedure
> call shutdown message and his computer restarts. Can
> anyone help me? Please?

I'm having the same problem but I'm sure the virus won't
let me stay online long enough to get all of this done ?
Any other suggestions. Please make this simple, thank you.
>-----Original Message-----
>This is a symptom of the RPC/DCOM exploit as described in
Microsoft
>security bulletin MS03-026. Go to
>http://www.microsoft.com/security/security_bulletins/ms03-
026.asp to
>read about this vulnerability.
>
>You need to download the Windows critical update patch
823980 and enable
>or install a personal firewall to block TCP and UDP ports
135, 139, and
>445. The built-in XP firewall will block these ports by
default.
>
>Once you download what you need, disconnect from the
network, install
>your patch, install your firewall and clean the worm from
your system.
>For msblast.exe removal instructions, read
>http://www.bigblackglasses.com/Article.aspx?Article=342.
>
>Once you are sure your system is clean, you can reconnect
to the
>Internet. It is very important to address this quickly
and to disconnect
>as soon as possible. Your system is very vulnerable to
further exploits
>while the worm is present and you do not want your system
involved in
>the massive denial-of-service attacks that are coming in
the next few
>days from the masses of compromised systems.
>
>Download, disconnect, patch, firewall, and clean. Then
inspect. When
>sure, reconnect.
>
>--
>Kent W. England, Microsoft MVP for Windows
>
>
>
>"Justin Piatt" > wrote in
>message ...
>
>> Hello, I am trying to help afriend with his new
computer.
>> He just got Internet service and gets a remote procedure
>> call shutdown message and his computer restarts. Can
>> anyone help me? Please?
>
>.
>

Actually, all you have to do is kill msblast.exe and enable the XP
firewall to get some breathing room. Enable your XP firewall from the
connectoid Advanced tab. Then you have some breathing space to download
the patch and update your AV and download a different firewall, if you
like.

But don't leave the worm on your system connected to the Internet. It
might phone home and download a whole raft of new exploits. Meanwhile
it's participating in denial-of-service attacks on Microsoft.

--
Kent W. England, Microsoft MVP for Windows



"mike christian" > wrote in
message ...
> I'm having the same problem but I'm sure the virus won't
> let me stay online long enough to get all of this done ?
> Any other suggestions. Please make this simple, thank you.
> >-----Original Message-----
> >This is a symptom of the RPC/DCOM exploit as described in
> Microsoft
> >security bulletin MS03-026. Go to
> >http://www.microsoft.com/security/security_bulletins/ms03-
> 026.asp to
> >read about this vulnerability.
> >
> >You need to download the Windows critical update patch
> 823980 and enable
> >or install a personal firewall to block TCP and UDP ports
> 135, 139, and
> >445. The built-in XP firewall will block these ports by
> default.
> >
> >Once you download what you need, disconnect from the
> network, install
> >your patch, install your firewall and clean the worm from
> your system.
> >For msblast.exe removal instructions, read
> >http://www.bigblackglasses.com/Article.aspx?Article=342.
> >
> >Once you are sure your system is clean, you can reconnect
> to the
> >Internet. It is very important to address this quickly
> and to disconnect
> >as soon as possible. Your system is very vulnerable to
> further exploits
> >while the worm is present and you do not want your system
> involved in
> >the massive denial-of-service attacks that are coming in
> the next few
> >days from the masses of compromised systems.
> >
> >Download, disconnect, patch, firewall, and clean. Then
> inspect. When
> >sure, reconnect.
> >
> >--
> >Kent W. England, Microsoft MVP for Windows
> >
> >
> >
> >"Justin Piatt" > wrote in
> >message ...
> >
> >> Hello, I am trying to help afriend with his new
> computer.
> >> He just got Internet service and gets a remote procedure
> >> call shutdown message and his computer restarts. Can
> >> anyone help me? Please?
> >
> >.
> >