Blaster Virus??!! Was this on the machine already?? I upgraded to XP SP1---shouldn't that have caught it?
:(
Main Topics
Browse All TopicsI upgraded my sister-in-law's PC last night from Windows ME to XP Pro last night. If it was up to me, I would have blown everything away and started fresh, but she wanted to keep things the same, so I did the upgrade. It is a three year old Dell Dimension 8100 with a 1.4 GHz Pentium 4. Before I did the upgrade I installed a Sony DVD+R/RW drive and two 512 MB RDRAM modules (I know, I would have put the money towards a new PC if it was my box) without incident. I ran the compatability check and came up with a bunch of software that I removed (all but PCAnywhere 8.0). The only hardware issue was the Santa Cruz Turtle Beach sound card. I did not physically remove. Finally I created a new Ghost image of the whole mess onto another partition of the 60 GB hard drive.
Having never done an upgrade before (lots of fresh installs) I guess it went OK. Some of the Dell somftware (E-support button...whatever that is) and miscellaneous programs give error messages (pop-up's) that I closed out OK. I was looking for new drivers for the sound card when the PC presented a pop-up that said "the Remote Procedure Call Service has terminated unexpectedly...Windows will close in 60 seconds...NT Authority\System". It proceeded to count down and reboot. It did this again and again, with the uptime before reboots ranging from a minute to over 30 minutes.
The little research I have done tells me that this is an NT/2000/XP service"provides the endpoint mapper and other miscellaneous RPC services". But I am at a dead end as far as how to fix it.
I'd really like to just make the upgrade work rather than a fresh install of XP. Any ideas would be greatly appreciated.
Thanks.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Msblaster... Wicked little thing.
dudley.. make sure you have turned on the Automatic Updater. This will help keep these things in ck. First thing you do when installing XP is to patch the system. Always.
The tips LucF showed you should fix you right up, but we are all here to help if you get into trouble.
Right LucF?
wow.....I can't believe that less than a total of 1 hour on the 'net after the upgrade did this.....of course that's what I deserve for removing ZoneAlarm and disabling virus protection!
So now what is the best course of action....patch and clean, or just revert back to the Ghost image I did just before the upgrade? I'm thinking patch/clean so my sister-in-law can use the PC.
Thanks for the help guys....a virus was about the LAST thing on my list as to the cause of the problem....here I was thinking somethin went wrong in the registry during the upgrade....
Thanks.
dD
Hi dudleydocker
You are for sure infected by a virus aclled 'MSBLASTER'
Better download the patch from the MICROSOFT.COM or from the link that are mentioned above from other guys
the other way, if still the prolem existes (only then)..
1) Go to the drive in which XP is installed and then WINDWS then SYSTEM32 folder..
locate the 'BLASTER.exe' and delete that file
2)Go to START>RUN>regedit
Press F3 and write 'blaster' and search for it and delete the file where ever it is! then close it
3) and open a note pad and (leave it blank) and save it as "blaster.exe" (remeber to put quotes while saving)
and save it in the same folder .. (system32)
restart the PC ..
NOTE INPORTANT INFO:
This virus 'blaster' is so programmed that it will effect the PC only upto DEC 31, 2003 after that, it will automatically get disabled!
Better Luck
-notch_ur_head
Hello,
I just warning from "NOTE INPORTANT INFO" Notch_ur_head: This virus 'blaster' is so programmed that will effect the PC only upto DEC 31, 2003 after that, it will automatically get disabled!...
NO...My compuyter just get exactly this problem before yesterday (March 17, 2004) after few days I updated Win XP/Pro to SP1.
Everyone, Please do not ignore with this worm...
vbn,
I didn't say it that time, but you're certainly right. Only the DoS attack it performs stopped at dec 31, the backdoor would still be there.
Maybe notch_ur_head was just waiting for the Welchia worm as it the best viruscleaner for the Blaster virus I know, it's stops the blaster.exe process, deletes the file, changes the registry keys back to normal. Only one side effect, you will have another worm on your system. LOL!
LucF
Okay, I had this same problem as dudleydocker and I uninstalled XP Pro . So here are my questions.
Can I download the patch from the Internet and store it on my computer while still running the Win 98 operating system and then run the patch once I have Window XP installed? I ask because while in XP the worm shuts down my computer before I have a chance to download patches?
Question 2: After uninstalling windows XP my Kingston EtherRx PCI 10/100 Fast Ethernet Adapter ended up on the same PCI number (number 11) as my VIA Tech 3038 PCI to USB Universal Host Controller. and my ACPI IRQ Holder for PCI IRQ Steering.
Now my ethernet card won't work even though the Reserve Resources tab lists no conflicts on either the Ethernet card of the ACPI or the VIA Tech.
I want to remove the Ethernet card driver, take the card out of the back of the computer and then put it back in. It is a plug and play card. I'm thinking that once I re-install it the automatic driver will go to the first available PCI spot without conflicts. Please give me your thoughts.
Business Accounts
Answer for Membership
by: LucFPosted on 2003-12-21 at 12:00:01ID: 9981957
Hi dudleydocker,
mantec.com /avcenter/ venc/data/ w32.blaste r.worm.htm l
om/?kbid=8 23980
echnet/tre eview/?url =/technet/ security/b ulletin/MS 03-026.asp
ecurity/se curity_bul letins/ms0 3- 026.asp
.com/Artic le.aspx?Ar ticle=342 ecurity/in cident/bla st.asp
er/securit y/Content/ 8205.html
http://securityresponse.sy
Download the MS03-026 patch from Microsoft.
http://support.microsoft.c
Relevant Links:
**************
http://www.microsoft.com/t
http://www.microsoft.com/s
http://www.bigblackglasses
http://www.microsoft.com/s
Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability:
http://www.sarc.com/avcent
Greetings,
LucF