Need Help with XP auto shutdown :( RPC service error

[dxkj]

Randomly my computer will display this error message ERROR SHUTDOWN. I have no clue why it is doing that, and there is nothing specific that sets it off, sometimes it happens after 3hrs, 12hrs, 30 seconds.


I appreciate any insight.

---

You have been hit by the W32.Blaster.Worm. See the Windows Update site, and our sticky thread in this forum.

 

[dxkj]

Hrm google says something about an exploit. Since Ive never updated my OS before I might try that now 😛

 

[dxkj]

grr its not even letting me update it, keeps doing the 60 second shut down thing

 

[Crypticburn]

These problems are indicative of the RPC DCOM exploit, and your system has been compromised. The exploits out there have many different results, and thus I cannot tell you how to fix it simply. The easiest solution is to re-install your system and immediately install updates, and install updates on a regular basis.

If you're very familiar with windows, you may wish to look at the processes running, and any additional files added to your system folders. Otherwise, I suggest a fresh install.

Crypticburn

 

[dxkj]

Ok I will do that when I get home. I hope I can fix it by eye.
.

 

[BeauJangles]

Yup the exploit goes through Telnet and allows someone to root your box in 20 seconds. Once they close the Telnet session RPC crashes.

Cliff notes: YOu were hacked.

 

[NesuD]

Here is something from Microsoft about it. RPC vulnerability

 

[dxkj]

Im at work, but if I unplug from the net will that give me time to download and apply patch?

 

[R2D2]

Got my computer too. I didn't even have time to read any other posts.

Thanks NesuD for the link. I just ran it. Hope it helps!

 

[NesuD]

try turning on the built in xp firewall. it is suppesed to take care of it from what i am seeing

 

[dxkj]

lol i didnt even know XP had a built in firewall, wheres it hidin?

 

[Twista]

Originally posted by: BlinderBomber
Yup the exploit goes through Telnet and allows someone to root your box in 20 seconds. Once they close the Telnet session RPC crashes.

Cliff notes: YOu were hacked.

if thats true thats a million hackers out there fu*kin with us every second we reboot.

 

[Twista]

Originally posted by: dxkj
lol i didnt even know XP had a built in firewall, wheres it hidin?

To turn on Personal Firewall, Open Control Panel (click Start -> Control Panel), then open Network and Internet Connections, and then Network Connections. Find your connection to the Internet (for instance, under Dial-Up), right-click it and choose Properties. In the box that appears, click the Advanced tab. In the top section, check (click) the box next to "Protect my computer and network by limiting or preventing access to this computer from the Internet." Click OK, and bask in the glow of the feeling that comes from knowing you've made your computer just a little more inaccessible to the bad guys.

 

[NesuD]

thanks Twista just got back to check the thread. Got 6 icq dialogues open and 2 phone lines burnin up here trying to help all my friends in these parts with this. Inmy router incoming log i am getting hammered on port 135 from about 60 different ip's. the kick though is that everyone of the incoming IPs is a charter pipeline ip addy. Looks like the attacks may be coming from only with in my providers own system. My friends with comcast are seeing something very similar. their attacks are all coming from comcast ip's

 

[NesuD]

LOL!!
Just gave charter pipelines tech support a call to see if they maybe could block port 135 on the entire network and i got a recording describing this problem and saying it is the fault of the operating system and to call microsoft. 😀

 

[NesuD]

ok if you need to stop your machine fro restarting to download the fix go into services and under the recovery tab in the RPC properties change the failure actions from restart the computer to restart the service. that should stop the system from restarting then you cand run the security updates to plug the hole. This doesn't stop the attack just the restarts you still need to plug the holes with the updates