viruses that exploit rpc in winxp home

[stringcheeseincident]

i have a virus that exploits the rpc procedure, where the computer turns off after 60 seconds. i can go into the command prompt and disable the shutdown, but from there i have no internet access on that computer. i have been able to load different removal programs via my flash drive, and i've already tried the Blaster and Sasser worm removal tools. neither said those worms were detected. what other worms/trojans/viruses are out there that exploit the rpc procedure? i guess i just have to run tons of removal tools until i find which virus it is.

 

[bsobel]

Originally posted by: stringcheeseincident
i have a virus that exploits the rpc procedure, where the computer turns off after 60 seconds. i can go into the command prompt and disable the shutdown, but from there i have no internet access on that computer. i have been able to load different removal programs via my flash drive, and i've already tried the Blaster and Sasser worm removal tools. neither said those worms were detected. what other worms/trojans/viruses are out there that exploit the rpc procedure? i guess i just have to run tons of removal tools until i find which virus it is.

Its a worm, not a virus. Once your machine resets it's gone. The real question is how in the world haven't you patched that machine yet, these attacks are ancient.

 

[stringcheeseincident]

i did patch my machine, apparently this must be a new worm because even after running McAfee Stinger numerous times, this worm wont go away. are there any reports of a new worm spreading like this? i cant find anything to fix this.

 

[MrChad]

Originally posted by: stringcheeseincident
i did patch my machine, apparently this must be a new worm because even after running McAfee Stinger numerous times, this worm wont go away. are there any reports of a new worm spreading like this? i cant find anything to fix this.

To my knowledge SP2 has corrected all known RPC vulnerabilities. What SP level are you running?

 

[Malak]

Heh I remember getting the RPC thing before sp1, but I thought SP1 fixed it already.

 

[bacillus]

Originally posted by: stringcheeseincident
i did patch my machine, apparently this must be a new worm because even after running McAfee Stinger numerous times, this worm wont go away. are there any reports of a new worm spreading like this? i cant find anything to fix this.

more than likely you need to disable system restore in order to clear the infection.

 

[bsobel]

Originally posted by: stringcheeseincident
i did patch my machine, apparently this must be a new worm because even after running McAfee Stinger numerous times, this worm wont go away. are there any reports of a new worm spreading like this? i cant find anything to fix this.

Trust me, your not patched. Reinstall SP2
Bill

 

[Aluf]

i have a virus that exploits the rpc procedure

Hm, you forgot to tell us HOW do know it's a rpc virus ??? What tools did you use ?

 

[bsobel]

Originally posted by: Aluf

i have a virus that exploits the rpc procedure

Hm, you forgot to tell us HOW do know it's a rpc virus ??? What tools did you use ?

He can't know for sure, but based on the symptoms listed (especially the 60 second shutdown) this is an RPC worm. People patch and then system restore or other event that rolls there system back and forget to repatch.

Bill