When downloading files the computer shows the fault
message " NT AUTHORITE/SYSTEM " RPC (Remote Procedure
Call) service, system will stop in about 40 seconds.

The computer then reboots without downloading any file.

To stop the reboots: Go to Start/Run and type in: services.msc. Scroll down
to Remote Procedure Call (RPC)/Recovery/First Failure/Restart the Service.

Close Windows Explorer, run the edit on line 257 which includes the prompt
for the patch once your system has been cleaned.

This script removes all variants of the W32.Blaster.Worm (original, B, C, D,
E and F) and will inform you whether or not the patch is already installed.
http://www.kellys-korner-xp.com/xp_tweaks.htm. Direct download:
http://www.kellys-korner-xp.com/regs_edits/msblast.vbs

More information here:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc

--
All the Best,
Kelly

MS-MVP Win98/XP
[AE-Windows® XP]

Troubleshooting Windows XP
http://www.kellys-korner-xp.com

Top 10 Frequently Asked Questions and Answers
http://www.kellys-korner-xp.com/top10faqs.htm


" > wrote in message
...
> When downloading files the computer shows the fault
> message " NT AUTHORITE/SYSTEM " RPC (Remote Procedure
> Call) service, system will stop in about 40 seconds.
>
> The computer then reboots without downloading any file.

Hi Hermes,

It's a virus called blaster or lovesan. Information:

http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342

You need the patch described here to protect against it:

MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980

Problem is, you needed to install the patch BEFORE you got infected to avoid
it.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
http://mvp.support.microsoft.com/
Associate Expert - WinXP - Expert Zone
www.microsoft.com/windowsxp/expertzone
Win98 Help - www.rickrogers.org

" > wrote in message
...
> When downloading files the computer shows the fault
> message " NT AUTHORITE/SYSTEM " RPC (Remote Procedure
> Call) service, system will stop in about 40 seconds.
>
> The computer then reboots without downloading any file.

Hi Rick;
Sorry to just jump in here , but I have a question concerning this subject ,
that seems to be in order.
I have all the MS critical updates , however can not find 823980. Am I safe
in assuming that it is included either in the "rollup" from October, or in
one of the "Q" numbered files that also downloaded from MS ? If not then
what ?
By the way, it doesn't get said enough that you MVPs can never get enough
thanks from those of us that would otherwise be flailing around in the dark
trying to keep our computers from devouring us.


" > wrote in message
...
> When downloading files the computer shows the fault
> message " NT AUTHORITE/SYSTEM " RPC (Remote Procedure
> Call) service, system will stop in about 40 seconds.
>
> The computer then reboots without downloading any file.

Hi,

That patch was incorporated into Q824146, I should update that link. Thanks
for pointing it out.

MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
http://mvp.support.microsoft.com/
Associate Expert - WinXP - Expert Zone
www.microsoft.com/windowsxp/expertzone
Win98 Help - www.rickrogers.org

"Mad Max" > wrote in message
...
> Hi Rick;
> Sorry to just jump in here , but I have a question concerning this subject
,
> that seems to be in order.
> I have all the MS critical updates , however can not find 823980. Am I
safe
> in assuming that it is included either in the "rollup" from October, or in
> one of the "Q" numbered files that also downloaded from MS ? If not then
> what ?
> By the way, it doesn't get said enough that you MVPs can never get enough
> thanks from those of us that would otherwise be flailing around in the
dark
> trying to keep our computers from devouring us.
>
>
> " > wrote in
message
> ...
> > When downloading files the computer shows the fault
> > message " NT AUTHORITE/SYSTEM " RPC (Remote Procedure
> > Call) service, system will stop in about 40 seconds.
> >
> > The computer then reboots without downloading any file.
>
>

Hi yourself Rick .
Far be it for me to point anything out. I'm doing real good if I can get
this computer to turn on of a morning and off at night. Everything in
between those two points is pure dumb luck. I was just wondering if I should
pull the plug or run like he** to the MS update website and try to locate
that missing update.
Again, thanks to all the MVPs .


"Rick "Nutcase" Rogers" > wrote in message
...
> Hi,
>
> That patch was incorporated into Q824146, I should update that link.
Thanks
> for pointing it out.
>
> MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run
Malicious
> Programs
> http://support.microsoft.com/?kbid=824146
>
> --
> Best of Luck,
>
> Rick Rogers aka "Nutcase" MS-MVP - Win9x
> Windows isn't rocket science! That's my other hobby!
> http://mvp.support.microsoft.com/
> Associate Expert - WinXP - Expert Zone
> www.microsoft.com/windowsxp/expertzone
> Win98 Help - www.rickrogers.org
>
> "Mad Max" > wrote in message
> ...
> > Hi Rick;
> > Sorry to just jump in here , but I have a question concerning this
subject
> ,
> > that seems to be in order.
> > I have all the MS critical updates , however can not find 823980. Am I
> safe
> > in assuming that it is included either in the "rollup" from October, or
in
> > one of the "Q" numbered files that also downloaded from MS ? If not then
> > what ?
> > By the way, it doesn't get said enough that you MVPs can never get
enough
> > thanks from those of us that would otherwise be flailing around in the
> dark
> > trying to keep our computers from devouring us.
> >
> >
> > " > wrote in
> message
> > ...
> > > When downloading files the computer shows the fault
> > > message " NT AUTHORITE/SYSTEM " RPC (Remote Procedure
> > > Call) service, system will stop in about 40 seconds.
> > >
> > > The computer then reboots without downloading any file.
> >
> >
>
>

Hi Max,

Yes, get the patch - immediately if you have not already.

Also, take credit, your question caused me to review the article again and
notice the update (it's literally impossible to track them all). This is
what peer-to-peer support is all about.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
http://mvp.support.microsoft.com/
Associate Expert - WinXP - Expert Zone
www.microsoft.com/windowsxp/expertzone
Win98 Help - www.rickrogers.org

"Mad Max" > wrote in message
...
> Hi yourself Rick .
> Far be it for me to point anything out. I'm doing real good if I can get
> this computer to turn on of a morning and off at night. Everything in
> between those two points is pure dumb luck. I was just wondering if I
should
> pull the plug or run like he** to the MS update website and try to locate
> that missing update.
> Again, thanks to all the MVPs .
>
>
> "Rick "Nutcase" Rogers" > wrote in message
> ...
> > Hi,
> >
> > That patch was incorporated into Q824146, I should update that link.
> Thanks
> > for pointing it out.
> >
> > MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run
> Malicious
> > Programs
> > http://support.microsoft.com/?kbid=824146
> >
> > --
> > Best of Luck,
> >
> > Rick Rogers aka "Nutcase" MS-MVP - Win9x
> > Windows isn't rocket science! That's my other hobby!
> > http://mvp.support.microsoft.com/
> > Associate Expert - WinXP - Expert Zone
> > www.microsoft.com/windowsxp/expertzone
> > Win98 Help - www.rickrogers.org
> >
> > "Mad Max" > wrote in message
> > ...
> > > Hi Rick;
> > > Sorry to just jump in here , but I have a question concerning this
> subject
> > ,
> > > that seems to be in order.
> > > I have all the MS critical updates , however can not find 823980. Am I
> > safe
> > > in assuming that it is included either in the "rollup" from October,
or
> in
> > > one of the "Q" numbered files that also downloaded from MS ? If not
then
> > > what ?
> > > By the way, it doesn't get said enough that you MVPs can never get
> enough
> > > thanks from those of us that would otherwise be flailing around in the
> > dark
> > > trying to keep our computers from devouring us.
> > >
> > >
> > > " > wrote in
> > message
> > > ...
> > > > When downloading files the computer shows the fault
> > > > message " NT AUTHORITE/SYSTEM " RPC (Remote Procedure
> > > > Call) service, system will stop in about 40 seconds.
> > > >
> > > > The computer then reboots without downloading any file.
> > >
> > >
> >
> >
>
>

On Thu, 30 Oct 2003 02:08:25 -0800 "
> wrote the following and gave me
the chance to write something equally inane:

>When downloading files the computer shows the fault
>message " NT AUTHORITE/SYSTEM " RPC (Remote Procedure
>Call) service, system will stop in about 40 seconds.
>
>The computer then reboots without downloading any file.

This is as good a place as any to raise a point that I have not seen
in this newsgroup.

Over the last several months, many new internet security threats have
appeared which exploit Microsoft's DCOM and RPC flaws. Each time a
new threat appears, Microsoft releases a new patch tailor-made to
counter that one new threat. Each time Microsoft tells everyone to
just update their computers. Again.

This approach is not enough. Each patch does nothing to block any new
variations that inevitably arise. As a result, any unprotected
Microsoft-based computer today will be attacked within minutes after
connecting to the Internet, before they even have a chance to download
and install the latest patches. You don't have to visit any nasty
websites. You don't have to receive any malicious emails. You just
have to connect without protection.

Now,what has me confused is why Microsoft chose to unconditionally
enable DCOM and RPC on every installation in the first place. Because
of this one decision, all NT, 2000, and XP computers, and only these
computers, are at great risk for little practical benefit. Few
end-users will ever use these services. To my knowledge, their only
practical use has been to infect millions of computers worldwide.

And what has me really scratching my head is why Microsoft doesn't
just issue one patch to turn off DCOM and RPC, and instantly block all
existing and future threats based on these services.

That is exactly what I have done on all the computer in my care, and I
have noticed no loss of performance or functionality on any of them.
There is a very small program, created by Steve Gibson, which
selectively enables and disables these services. It is call
DCOMbob.exe, and is available at http://grc.com.

I invite all to share with this newgroup any facts and/or opinions
they have on these issues.

FWIW