
View Full Version : RPC Problems- Everyone READ


Audrea
December 12th 03, 08:20 PM
Why are we ALL having the same problem on the same day? I
just called a friend and told her about the XP problem
that started yesterday. She said yesterday it started for
her also... We both have new-clean systems.

Is this a virus? Were all of us on the internet while it
first happened?

I don't suggest doing anything without hearing it from
Microsoft directly. If someone gets the real info PLEASE
SHARE!!!

The link below explains what exactly RPC is. Something's
fishy...
http://www.sei.cmu.edu/str/descriptions/rpc.html

Audrea

Nicholas
December 12th 03, 08:20 PM
Read and follow the instructions in this article:

MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980

**** You need to make sure you have a FIREWALL enabled ****

Open XP's "Help and Support" and type: FIREWALL , and hit enter.
Click on the topic titled "Enable or Disable Internet Connection Firewall".

Additional information from Symantec:

Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
http://securityresponse.symantec.com/avcenter/security/Content/8205.html

The RPC alert has been diagnosed as the W32.Blaster.Worm and removal
instructions are available from this Symantec link:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html


--
Nicholas

--------------------------------------------------------------------------

"Audrea" > wrote in message:
...

| Why are we ALL having the same problem on the same day? I
| just called a friend and told her about the XP problem
| that started yesterday. She said yesterday it started for
| her also... We both have new-clean systems.
|
| Is this a virus? Were all of us on the internet while it
| first happened?
|
| I don't suggest doing anything without hearing it from
| Microsoft directly. If someone gets the real info PLEASE
| SHARE!!!
|
| The link below explains what exactly RPC is. Something's
| fishy...
| http://www.sei.cmu.edu/str/descriptions/rpc.html
|
| Audrea

Stephen
December 12th 03, 08:21 PM
Hey Thanks. I started having the exact same problem for
the first time after I connected to the internet three
hours earlier.

My firewall kept giving me alerts that the TFTP program
was trying to access the internet.

thanks once again

stephen



>-----Original Message-----
>Read and follow the instructions in this article:
>
>MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
>http://support.microsoft.com/?kbid=823980
>
>**** You need to make sure you have a FIREWALL enabled ****
>
>Open XP's "Help and Support" and type: FIREWALL , and hit enter.
>Click on the topic titled "Enable or Disable Internet Connection Firewall".
>
>Additional information from Symantec:
>
>Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
>http://securityresponse.symantec.com/avcenter/security/Content/8205.html
>
>The RPC alert has been diagnosed as the W32.Blaster.Worm and removal
>instructions are available from this Symantec link:
>http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
>
>
>--
>Nicholas
>
>--------------------------------------------------------------------------
>
>"Audrea" > wrote in message:
> ...
>
>| Why are we ALL having the same problem on the same day? I
>| just called a friend and told her about the XP problem
>| that started yesterday. She said yesterday it started for
>| her also... We both have new-clean systems.
>|
>| Is this a virus? Were all of us on the internet while it
>| first happened?
>|
>| I don't suggest doing anything without hearing it from
>| Microsoft directly. If someone gets the real info PLEASE
>| SHARE!!!
>|
>| The link below explains what exactly RPC is. Something's
>| fishy...
>| http://www.sei.cmu.edu/str/descriptions/rpc.html
>|
>| Audrea
>.
>

hlpr
December 12th 03, 08:21 PM
Hi Audrea

Perhaps your machines are infected with a worm
(W32.Blaster.Worm). For information about this worm and
how to deal with it, read the bulletin at this site:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Good luck!
HTH

>-----Original Message-----
>Why are we ALL having the same problem on the same day? I
>just called a friend and told her about the XP problem
>that started yesterday. She said yesterday it started for
>her also... We both have new-clean systems.
>
>Is this a virus? Were all of us on the internet while it
>first happened?
>
>I don't suggest doing anything without hearing it from
>Microsoft directly. If someone gets the real info PLEASE
>SHARE!!!
>
>The link below explains what exactly RPC is. Something's
>fishy...
>http://www.sei.cmu.edu/str/descriptions/rpc.html
>
>Audrea
>.
>

Ronnie Vernon MVP
December 12th 03, 08:21 PM
Audrea wrote:
> Why are we ALL having the same problem on the same day? I
> just called a friend and told her about the XP problem
> that started yesterday. She said yesterday it started for
> her also... We both have new-clean systems.
>
> Is this a virus? Were all of us on the internet while it
> first happened?
>
> I don't suggest doing anything without hearing it from
> Microsoft directly. If someone gets the real info PLEASE
> SHARE!!!
>
> The link below explains what exactly RPC is. Something's
> fishy...
> http://www.sei.cmu.edu/str/descriptions/rpc.html
>

Audrea

You are likely infected, at this point.

There's a new major worm currently hitting the Internet. You can get more
info about the worm here:

*Warning*
If your system has been infected by this new worm, applying the security
patch will not remove or disable the worm. This only protects your system
from any new infection.

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

The following fix procedure is courtesy of Ron Martell, MVP

This is caused by a new and rapidly spreading worm.

To clear up the "NT Authority\System" and RPC call errors:

1. Go to http://support.microsoft.com/?kbid=823980 and download the
security patch. If at all possible do this on a clean machine and copy the
patch to a 3.5 inch diskette.

2. Boot the infected machine into Safe Mode (tapping the F8 key multiple times
before and during the boot menu). Insert the 3.5 inch diskette with the
patch on it and run it. Do not reboot yet.

3. Use Start - Run - MSCONFIG and go to the Startup tab. Locate the entry
for MSBLAST.EXE and clear the checkbox for it.

4. Use Start - Search and check all your hard drives for the file
MSBLAST.EXE and delete all copies of it.

5. Shut down and restart the computer normally.

6. Immediately do an update of your antivirus software and when the updates
are installed do a complete virus scan of your hard drive.

--
Ronnie Vernon
Microsoft MVP
Windows Shell/User

Please reply to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
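
An added example, not part of the post above or of Ron Martell's procedure: a Python check to confirm steps 3 and 4 afterwards, by listing any startup entry that still names MSBLAST.EXE and any copy of the file left on disk. It assumes the startup entries are supplied as a Run-key export in regedit text format; the sample export, its value names and the directory tree are constructed for illustration.

```python
import os
import re
import tempfile

TARGET = "msblast.exe"  # file name from steps 3 and 4 of the procedure

# Constructed sample: a Run-key export in regedit text format. The value
# names and the first program path are made up for this example.
SAMPLE_RUN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\avtray.exe"
"example entry"="MSBLAST.EXE"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def names_target(data, target=TARGET):
    """True if data refers to a file called target (any case, any folder)."""
    pattern = r'(?:^|[\\/\s"])' + re.escape(target) + r'(?:$|[\s"])'
    return re.search(pattern, data, re.IGNORECASE) is not None

def startup_entries_referencing(export_text, target=TARGET):
    """Return (key, value name, data) for string values that name target."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = VALUE_RE.match(line)
        if m:
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            if names_target(data, target):
                hits.append((key, name, data))
    return hits

def find_copies(roots, target=TARGET):
    """Return paths under roots of files named target, ignoring case."""
    return sorted(os.path.join(d, f) for r in roots
                  for d, _dirs, files in os.walk(r) for f in files
                  if f.lower() == target)

def demo():
    # Constructed tree: one copy of the file plus a similarly named decoy.
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "a", "b"))
        for rel in (("a", "b", "MSBlast.exe"), ("a", "notmsblast.exe")):
            open(os.path.join(tmp, *rel), "w").close()
        files = [os.path.relpath(p, tmp) for p in find_copies([tmp])]
    return startup_entries_referencing(SAMPLE_RUN_EXPORT), files
```

After a successful cleanup both functions return empty lists for the real export and drive roots; the demo returns one hit from each because its inputs are built to contain them.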
