I keep getting the boot from somewhere! It says
something about NT Authority System and Remote Procedure
Call Service terminated unexpectedlly. It gives me 60
seconds to close everything as it counts down.

What is going on!?!?!

You have got a virus, removal info at...
http://www.kellys-korner-xp.com/xp_qr.htm#rpc

More info about the worm:
http://www.microsoft.com/security/incident/blast.asp

More info about the worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Test your system
https://grc.com/x/portprobe=135

"Don" > wrote in message
...
> I keep getting the boot from somewhere! It says
> something about NT Authority System and Remote Procedure
> Call Service terminated unexpectedlly. It gives me 60
> seconds to close everything as it counts down.
>
> What is going on!?!?!

Go to http://www.kellys-korner-xp.com/xp_qr.htm#rpc and download the removal
tool.
Run the tool to remove the worm,then follow the onscreen prompts to download
the patch.
Make sure you download the 32bit patch if you are running XP.

There are more variants out now.
The exes for 2 of the variants are teekids.exe and penis32.exe
Kelly's script kills all known variants.
As more variants are found Kelly and Doug are adding removal instructions to
the script to kill them as well.

If you are having trouble staying up to get the patch and removal tool:
When the shutdown prompt appears,go to start/run and type
shutdown -a to abort the shutdown process to allow you to stay up and
online.


--
Larry Samuels MS-MVP (Windows-Shell/User)
Associate Expert
Unofficial FAQ for Windows Server 2003 at
http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
Expert Zone - www.microsoft.com/windowsxp/expertzone


"Don" > wrote in message
...
> I keep getting the boot from somewhere! It says
> something about NT Authority System and Remote Procedure
> Call Service terminated unexpectedlly. It gives me 60
> seconds to close everything as it counts down.
>
> What is going on!?!?!

1. Click Start, Run and then type: shutdown -a

This prevents the system from automatically restarting long enough
for you to download and install the Microsoft security update.

2. Click OK.
3. If the "shutdown -a" command fails to keep the computer from
restarting, use the following steps:

a. Click Start, Run, and then type: services.msc

A Services window appears.

b. Click OK.
c. Double-click Remote Procedure Call (RPC) and select the
Recovery tab. Be careful to not use the Remote Procedure Call
(RPC) Locator item.
d. Set the First Failure, Second Failure, and Subsequent Failures
items to Take No Action.
e. Click OK to apply the settings.

4. Install the latest critical updates using Windows Update. For more
information, go to the following Web sites:

* Microsoft's Security Bulletin: MS03-0266:

http://tinyurl.com/is2b

-or-

http://www.microsoft.com/downloads/details.aspx?FamilyID=2354406c-c5b6-44ac-
9532-3de40f69c074&displaylang=en


5. Remove the worm using your antivirus software. Do this by
attaining the latest virus definitions and then performing a scan.
For more detailed information go to the following Web sites:

* McAfee's VirusScan Web page on the W32/Lovsan.worm virus:

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547

* Symantec's Norton AntiVirus Web page on the 32.Blaster.Worm
virus.

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.htm
l

NOTE: Clicking the links may give an error indicating it is
invalid. If this occurs, copy the portion of the address
on the second line and paste it at the end of the address
showing in your browser.

If all went well, the computer is now clean and protected. If
these steps did not resolve the problem, contact Microsoft and your
anti-virus software vendor for additional assistance.


6. If you used the "services.msc" command (as explained above in
Step 3) to prevent your computer from restarting, restore your RPC
recovery settings to their original state as follows:

a. Click Start, Run, and then type: services.msc
b. Click OK.
c. Double-click Remote Procedure Call (RPC) and select the
Recovery tab. Be careful to not use the Remote Procedure Call
(RPC) Locator item.
d. Set the First Failure, Second Failure, and Subsequent Failures
items to Restart the Computer.
e. Click OK to apply the settings.


NaresH KumaR

"Don" > wrote in message
...
> I keep getting the boot from somewhere! It says
> something about NT Authority System and Remote Procedure
> Call Service terminated unexpectedlly. It gives me 60
> seconds to close everything as it counts down.
>
> What is going on!?!?!