

RPC virus

Posted on 2005-03-21
Medium Priority
Last Modified: 2008-01-16
I see the following message
"System Shutdown  .... The shutdown was instituted by NT authority\system."
Message: Windows must now restart because the remote procedure call RPC service terminated unexpectedly.

I have seen other discussions that I have a worm.  My problem is that I have no time to do anything once Windows starts normally.  I don't think that all of the system tray components have loaded before I get the one minute countdown.  I have t opportunity to do the Run Services.msc command.  I have been able to boot into safe mode and run the utility, but it did not solve the problem.

Hints and suggestions would be greatly appreciated.

Question by:johnfaig

Assisted Solution

aromberg earned 140 total points
ID: 13596427
You can run "shutdown -a" in your start menu / run dialog to stop that from happening.

Expert Comment

ID: 13596806
This sounds like the Sasser worm.  Check this:

What You Should Know About The Sasser Worm And Its Variants

You can download this free tool called Stinger to get rid of it:


And be sure to go to Windows Update and download all the necessary patches.


Author Comment

ID: 13597714
Thanks for the suggestions.  

I ran the stinger.exe from McAfee, the fixblast.exe (from Microsoft) and blastsfx.exe and nothing was found (I ran them in safe mode, if that makes a difference).

I set the RPC service to Not reboot when it fails to start.

At this point, I can do a "normal" boot, but all is not well.  The performance is extremely slow, but the task manager shows < 5% CPU utilization.

Any further suggestions would be greatly appreciated.



Assisted Solution

Gianluigi_Zanettini-MegaLab_it earned 200 total points
ID: 13600028
Unplug the modem line from your PC and then power it on.

Enable the firewall (built-in or third-party, as you prefer) and reboot.

Reconnect the modem cable and try to connect to the Internet.

This should fix the problem.

Just in case, go here http://www.pandasoftware.com/activescan/activescan.asp?language=11&Country=99&Partner=1 and do a full system scan

Author Comment

ID: 13601976
Could the RPC service that does not start be responsible for my slow performance?   For example, I opened the device manager quickly, but when I clicked on properties for a device the properties window never appeared (at least for 15 minutes before I rebooted).  Similar situation with Network Connections in control panel. No problem selecting the tool, but when I click New Connection, I never get the next dialog box.  The PC is not frozen, but I really can't do anything.

This is preventing me from getting on the Internet and downloading additional utilities.

Further thoughts?

Accepted Solution

LeeTutor earned 560 total points
ID: 13602119
Here is a very good site on the XP services, what they do, how to manage them, etc.:


And this page describes the RPC service:


Remote Procedure Call (RPC)
This service is rather vital. Practically everything depends on this service to be running. This is also the only service that you cannot disable via the Services MMC. Previously, if you disabled this service in Windows 2000, your computer would become unbootable. What I am trying to tell you is leave this service on automatic and absolutely DO NOT disable it. If, for whatever reason, the service became disabled and you can no longer boot your system, please read the information here for a way to fix it.

Default XP Home: Automatic
Default XP Pro: Automatic
Safe Setting: Automatic

Service name (registry): RpcSs


What service Remote Procedure Call (RPC) needs to function properly:

What other services require Remote Procedure Call (RPC) to function properly:

Background Intelligent Transfer Service
COM+ Event System
System Event Notification
COM+ System Application
Cryptographic Services
Distributed Link Tracking Client
Distributed Transaction Coordinator
Message Queuing
Message Queuing Triggers
Error Reporting Service
Fax *
Help and Support
Human Interface Device Access
IIS Admin
FTP Publishing *
Simple Mail Transport Protocol (SMTP)
World Wide Web Publishing *
Indexing Service
IPSEC Services
IPv6 Helper Service *
Logical Disk Manager
Logical Disk Manager Administrative Service
Logical Disk Manager Administrative Service
Message Queuing
Message Queuing Triggers
MS Software Shadow Copy Provider
Network Connections
Windows Firewall/Internet Connection Sharing *
Network Provisioning Service *
Print Spooler
Fax *
TCP/IP Printer Server
Protected Storage
Remote Desktop Help Session Manager
Remote Registry
Removable Storage
RIP Listener
Routing and Remote Access
Security Accounts Manager
Distributed Transaction Coordinator
Message Queuing
Message Queuing Triggers
IIS Admin
FTP Publishing *
Simple Mail Transport Protocol (SMTP)
World Wide Web Publishing *
Security Center *
Shell Hardware Detection
System Restore Service
Task Scheduler
Fax *
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Access Auto Connection Manager
Terminal Services
Fast User Switching Compatibility
Volume Shadow Copy
Windows Audio
Windows Image Acquisition (WIA)
Windows Installer
Windows Management Instrumentation
IPv6 Helper Service *
Security Center *
Windows Firewall/Internet Connection Sharing *
Wireless Zero Configuration
WMI Performance Adapter
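
Added example, not part of the original thread or of the quoted service guide: a read-only PowerShell check of the points discussed above for RpcSs, namely its start type, the recovery action that triggers the forced restart, and the services that depend on it. It assumes PowerShell 3.0 or later on a current Windows release rather than the XP system in the thread, and English-language `sc.exe` output.

```powershell
# Added example: read-only audit of the RPC service configuration.
$name = 'RpcSs'   # registry service name quoted in the answer above

# 1. Start type. The quoted guide says to leave this on Automatic.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
if (-not $svc) { throw "Service $name not found" }

[pscustomobject]@{
    Name        = $svc.Name
    State       = $svc.State
    StartMode   = $svc.StartMode            # 'Auto' means Automatic
    IsAutomatic = ($svc.StartMode -eq 'Auto')
} | Format-List

# 2. The same setting as stored in the registry.
#    Start = 2 is Automatic, 3 is Manual, 4 is Disabled.
$key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
$start = (Get-ItemProperty -Path $key -Name Start).Start
"Registry Start value for ${name}: $start"

# 3. Recovery actions. A REBOOT action here is what produces the
#    shutdown countdown when the service terminates unexpectedly.
$failure = & sc.exe qfailure $name
$failure
if ($failure -match 'REBOOT') {
    "Recovery is set to restart the computer when $name fails."
} else {
    "No reboot action is configured for $name failures."
}

# 4. Services that depend on RpcSs, with their current status.
#    If RpcSs is not running, these cannot run either.
$dependents = (Get-Service -Name $name).DependentServices |
    Sort-Object DisplayName
"{0} services depend on {1}:" -f $dependents.Count, $name
$dependents | Select-Object Status, Name, DisplayName |
    Format-Table -AutoSize
```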


Question has a verified solution.
