Link to home
Start Free TrialLog in
Avatar of johnfaig
johnfaig

asked on

RPC virus

I see the following message
"System Shutdown  .... The shutdown was instituted by NT authority\system."
Message: Windows must now restart because the remote procedure call RPC service terminated unexpectedly.

I have seen other discussions that I have a worm.  My problem is that I have no time to do anything once Windows starts normally.  I don't think that all of the system tray components have loaded before I get the one miute countdown.  I have t opportunity to do the Run Services.msc command.  I have been able to boot into safe mode and run the utility, but it did not solve the problem.  

Hints and suggestions would be greatly appreciated.

JDF
SOLUTION
Avatar of aromberg
aromberg

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of LeeTutor
This sounds like the Sasser worm.  Check this:

http://www.microsoft.com/security/incident/sasser.asp
What You Should Know About The Sasser Worm And Its Variants

You can download this free tool called Stinger to get rid of it:

http://vil.nai.com/vil/stinger/

And be sure to go to Windows Update and download all the necessary patches.

Avatar of johnfaig
johnfaig

ASKER

Thanks for the suggestions.  

I ran the stinger.exe from McAfee, the fixblast.exe (from Microsoft) and blastsfx.exe and nothing was found (I ran them is safe mode if that makes a difference)

I set the RPC service to Not reboot when it fails to start.

At this point, I can do a "normal" boot, but all is not well.  The performance is extremely slow, but the task manager shows < 5% CPU utilization.

Any further suggestions would be greatly appreciated.

JDF
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Could the RPC service that does not start be responsible for my slow performance?   For example, I opened the device manager quickly, but when I clicked on properties for a device the properties windows never appeared (at least for 15 minutes before I rebooted).  Similar situation with Network Connections in control panel. No problem selecting the tool, but when I click New Connection, I never get the next dialog box.  The PC is not frozen, but I really can't do anything.  

This is preventing me from getting on the Internet and downloading additional utilities.

Further thoughts?
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial