RPC DCOM problem

DaiShan

Diamond Member
Jul 5, 2001
9,617
1
0
So a friend told me her laptop was having this pop-up box occur with a countdown timer saying that NT AUTHORITY would shut down Windows in 1 minute. Fine, I told her, it was RPC DCOM, bring it over, I'll fix it. Well, I put Stinger and the relevant Microsoft fix for the exploit on a disk and booted to safe mode, where Stinger detected and deleted 3 instances of msblast. I then ran the fix and restarted Windows. Same problem, but here's the kicker: it's not connected to the internet at all, no network connectivity, and now it is doing it in safe mode (not with network support, vanilla safe mode). I'm a little out of ideas on what to do here, anyone got anything?
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
If you didn't do this already, make sure to disable System Restore and nuke all SR files, then re-run Stinger and see if that helped. If she needs antivirus software and qualifies for the Grisoft AVG Free Edition, that might be something else to try on there. I'd also put ZoneAlarm basic on it if she qualifies for free use of that (if it's a business lappie, maybe not). I'm not sure how good it is, but you can also enable Windows XP's own firewall if this is a WinXP system.

Hope that helps :)
 

DaiShan

I ended up restoring to about 9 days before she first experienced the problem. I updated Windows and left it running while we went to dinner, and it appears to be running fine now. Stinger and McAfee both seem to think it's clean, but I'll keep an eye out. Thanks so much for the quick reply. She is prone to things like this because she never runs Windows Update (I have it set to auto download and prompt her to hit install, which she ignores lol) and doesn't update virus definitions, but all looks well for the time being heh. This one was just weird because I was under the impression that RPC required an internet connection to be exploited, and prior to her coming over I filtered out the ports RPC uses in my router, and ran Stinger in safe mode before getting to work on updating. When it started happening in safe mode without network support, after I had disabled all network cards in Device Manager, it kinda had me stumped heh.
 

mechBgon

Try setting her auto-updates like this. This will result in it trying to install at the bootup following the day that it downloads the patches.