I have a new computer and am using Windows XP Professional
and Internet Explorer. Why do I keep getting a (RPC)
Remote Procedure Call that then proceeds to shut me down
from the internet?
.....DD

"David D" > wrote:

>I have a new computer and am using Windows XP Professional
>and Internet Explorer. Why do I keep getting a (RPC)
>Remote Procedure Call that then proceeds to shut me down
>from the internet?

See "Virus Alert About the Blaster Worm and Its Variants"
(http://support.microsoft.com/?kbid=826955).

--
(tm)

"David D" > wrote in message
...
> I have a new computer and am using Windows XP Professional
> and Internet Explorer. Why do I keep getting a (RPC)
> Remote Procedure Call that then proceeds to shut me down
> from the internet?
> ....DD

<sighs>
You most likely have the blaster worm. When the shutdown countdown starts go
to: Start> run> type 'shutdown -a' without the quotes. Hit okay. Do it again
should the countdown start again during the process. Then go Start> control
panel> network connections> select your internet connection and right click
it. Select properties. Click the advanced tab and tick the 'protect this...'
box. Hit okay until the boxes disappear. Now go to
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
and read the page. Download the fixblast.exe (link about half way down that
page). Run it. When your machine is clean, go to windowsupdate.com and
download all the recommended fixes.
Chris

Courtesy of Will Denny.
Joan

Your system has been infected by the Blaster Worm. Have a look at the
following links:

www.kellys-korner-xp.com/xp_qr.htm#rpc

Courtesy of MVP Kelly Theriot.

"Virus Alert About the Blaster Worm and Its Variants"
http://support.microsoft.com/?id=826955

"What You Should Know About the Blaster Worm and Its Variants"
http://www.microsoft.com/security/incident/blast.asp

--

Will Denny
MS-MVP Windows - Shell/User


David D wrote:
> I have a new computer and am using Windows XP Professional
> and Internet Explorer. Why do I keep getting a (RPC)
> Remote Procedure Call that then proceeds to shut me down
> from the internet?
> ....DD

"David D" > wrote in message
...
> I have a new computer and am using Windows XP Professional
> and Internet Explorer. Why do I keep getting a (RPC)
> Remote Procedure Call that then proceeds to shut me down
> from the internet?
> ....DD

I think vendors should be open to charges of negligence in that they don't
a) tell buyers about this and b) install the patches before they sell!

Rifleman: Dell is now installing the blaster patch on new systems it ships.

Tom
"Rifleman" > wrote in message
...
| "David D" > wrote in message
| ...
| > I have a new computer and am using Windows XP Professional
| > and Internet Explorer. Why do I keep getting a (RPC)
| > Remote Procedure Call that then proceeds to shut me down
| > from the internet?
| > ....DD
|
| I think vendors should be open to charges of negligence in that they don't
| a) tell buyers about this and b) install the patches before they sell!
|
|

Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

"David D" > wrote in message
...
>I have a new computer and am using Windows XP Professional
> and Internet Explorer. Why do I keep getting a (RPC)
> Remote Procedure Call that then proceeds to shut me down
> from the internet?
> ....DD

....and now we have Welchia.B running. Could be the cause of the uptick in
RPC queries today.

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.b.worm.html

Ron Chamberlin
Ms-MVP

"Bruce Chambers" > wrote in message
...
> Greetings --
>
> If you connected the PC to the Internet without having first
> installed the KB824146 Hotfix, without having first installed an
> antivirus application with current virus definition files, and before
> enabling a firewall, you're very likely to get infected from any of
> the thousands of PCs on the Internet that are constantly broadcasting
> the Blaster and/or Welchia worms. It only takes a few seconds of
> exposure.
>
> To stay on-line long enough to get the necessary updates, patches,
> and removal tools, click Start > Run, and enter "shutdown -a" when the
> next RPC countdown begins. This will abort the shut down. Also, make
> sure you've enabled a firewall before starting, to preclude any more
> intrusions while getting the updates/patches/tools.
>
> Microsoft Security Bulletin MS03-39
> http://support.microsoft.com/?kbid=824146
>
> What You Should Know About the Blaster Worm
> http://www.microsoft.com/security/incident/blast.asp
>
> W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
> http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
>
> W32.Blaster.Worm Removal Tool
> http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
>
> W32.Welchia.Worm a.k.a. W32/Nachi.Worm
> http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
>
> W32.Welchia.Worm Removal Tool
> http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
>
> McAfee AVERT Stinger
> http://us.mcafee.com/virusInfo/default.asp?id=stinger
>
>
> Bruce Chambers
> --
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> You can have peace. Or you can have freedom. Don't ever count on having
> both at once. -- RAH
>
> "David D" > wrote in message
> ...
>>I have a new computer and am using Windows XP Professional
>> and Internet Explorer. Why do I keep getting a (RPC)
>> Remote Procedure Call that then proceeds to shut me down
>> from the internet?
>> ....DD
>
>

"Tom Pepper Willett" > wrote in message
...
> Rifleman: Dell is now installing the blaster patch on new systems it
ships.
>

Good news! But do they also tell buyers about firewalls and AV progs?

They have information on their site, buried under Customer Care FAQs, Hints
& Tips. But, very difficult to find. And, if you don't know to even look
for it, you wouldn't look for it.

Tom
"Rifleman" > wrote in message
...
> "Tom Pepper Willett" > wrote in message
> ...
> > Rifleman: Dell is now installing the blaster patch on new systems it
> ships.
> >
>
> Good news! But do they also tell buyers about firewalls and AV progs?
>
>

Although I'm not affected by this problem, could someone tell me HOW I could
possibly download and install hotfixes and patches WITHOUT first connecting
to the internet?

"Ron Chamberlin" > wrote in message
...
> ...and now we have Welchia.B running. Could be the cause of the uptick in
> RPC queries today.
>
>
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.b.worm.h
tml
>
> Ron Chamberlin
> Ms-MVP
>
> "Bruce Chambers" > wrote in message
> ...
> > Greetings --
> >
> > If you connected the PC to the Internet without having first
> > installed the KB824146 Hotfix, without having first installed an
> > antivirus application with current virus definition files, and before
> > enabling a firewall, you're very likely to get infected from any of
> > the thousands of PCs on the Internet that are constantly broadcasting
> > the Blaster and/or Welchia worms. It only takes a few seconds of
> > exposure.
> >
> > To stay on-line long enough to get the necessary updates, patches,
> > and removal tools, click Start > Run, and enter "shutdown -a" when the
> > next RPC countdown begins. This will abort the shut down. Also, make
> > sure you've enabled a firewall before starting, to preclude any more
> > intrusions while getting the updates/patches/tools.
> >
> > Microsoft Security Bulletin MS03-39
> > http://support.microsoft.com/?kbid=824146
> >
> > What You Should Know About the Blaster Worm
> > http://www.microsoft.com/security/incident/blast.asp
> >
> > W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
> > http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
> >
> > W32.Blaster.Worm Removal Tool
> >
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.htm
l
> >
> > W32.Welchia.Worm a.k.a. W32/Nachi.Worm
> >
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.htm
l
> >
> > W32.Welchia.Worm Removal Tool
> >
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.htm
l
> >
> > McAfee AVERT Stinger
> > http://us.mcafee.com/virusInfo/default.asp?id=stinger
> >
> >
> > Bruce Chambers
> > --
> > Help us help you:
> > http://dts-l.org/goodpost.htm
> > http://www.catb.org/~esr/faqs/smart-questions.html
> >
> > You can have peace. Or you can have freedom. Don't ever count on
having
> > both at once. -- RAH
> >
> > "David D" > wrote in message
> > ...
> >>I have a new computer and am using Windows XP Professional
> >> and Internet Explorer. Why do I keep getting a (RPC)
> >> Remote Procedure Call that then proceeds to shut me down
> >> from the internet?
> >> ....DD
> >
> >
>
>

"Its only me" > wrote in message
...
> Although I'm not affected by this problem, could someone tell me HOW I
could
> possibly download and install hotfixes and patches WITHOUT first
connecting
> to the internet?
>
SNIP

LOL good question!
Of course, you don't, because you can't. You should, however, make sure the
Windows XP firewall is on (as described previously in this thread) before
you go on line, as this will stop you being infected immediately. Then make
your first stop Windows Update...
Now the only problem is to ensure people know this before they go on line to
find it out the hard way!
Chris

Greetings --

Oh, goodie. As if we weren't already seeing it several times a
day. I'm frankly surprised that there are still people on this planet
who have _not_ heard of Blaster and Welchia. How can so many people
live completely beyond the reach of radio, television, newspapers, and
magazines, and still have Internet access? And if they have Internet
access, why don't they use it to keep themselves informed of the world
around them? It boggles the mind.


Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

"Ron Chamberlin" > wrote in message
...
> ...and now we have Welchia.B running. Could be the cause of the
> uptick in RPC queries today.
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.b.worm.html
>
> Ron Chamberlin
> Ms-MVP
>

'lol'
It could be that people are so excited about getting this brand new system
and wanting to try it out that security goes out the window <g>
Joan

Bruce Chambers wrote:
> Greetings --
>
> Oh, goodie. As if we weren't already seeing it several times a
> day. I'm frankly surprised that there are still people on this planet
> who have _not_ heard of Blaster and Welchia. How can so many people
> live completely beyond the reach of radio, television, newspapers, and
> magazines, and still have Internet access? And if they have Internet
> access, why don't they use it to keep themselves informed of the world
> around them? It boggles the mind.
>
>