?
Solved

RPC virus

Posted on 2005-03-21
6
Medium Priority
?
1,285 Views
Last Modified: 2008-01-16
I see the following message
"System Shutdown  .... The shutdown was instituted by NT authority\system."
Message: Windows must now restart because the remote procedure call RPC service terminated unexpectedly.

I have seen other discussions that I have a worm.  My problem is that I have no time to do anything once Windows starts normally.  I don't think that all of the system tray components have loaded before I get the one miute countdown.  I have t opportunity to do the Run Services.msc command.  I have been able to boot into safe mode and run the utility, but it did not solve the problem.  

Hints and suggestions would be greatly appreciated.

JDF
0
Comment
Question by:johnfaig
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 4

Assisted Solution

by:aromberg
aromberg earned 140 total points
ID: 13596427
you can run "shutdown -a" in your start menu / run dialog to stop that from happening.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 13596806
This sounds like the Sasser worm.  Check this:

http://www.microsoft.com/security/incident/sasser.asp
What You Should Know About The Sasser Worm And Its Variants

You can download this free tool called Stinger to get rid of it:

http://vil.nai.com/vil/stinger/

And be sure to go to Windows Update and download all the necessary patches.

0
 

Author Comment

by:johnfaig
ID: 13597714
Thanks for the suggestions.  

I ran the stinger.exe from McAfee, the fixblast.exe (from Microsoft) and blastsfx.exe and nothing was found (I ran them is safe mode if that makes a difference)

I set the RPC service to Not reboot when it fails to start.

At this point, I can do a "normal" boot, but all is not well.  The performance is extremely slow, but the task manager shows < 5% CPU utilization.

Any further suggestions would be greatly appreciated.

JDF
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 3

Assisted Solution

by:Gianluigi_Zanettini-MegaLab_it
Gianluigi_Zanettini-MegaLab_it earned 200 total points
ID: 13600028
Unplug the modem line from your pc and then power it on

Enable the firewall (built-in or 3th part, as you prefer) and reboot

Reconnect the modem cable and try to connect to the Internet.

This should fix the problem.

Just in case, go here http://www.pandasoftware.com/activescan/activescan.asp?language=11&Country=99&Partner=1 and do a full system scan
0
 

Author Comment

by:johnfaig
ID: 13601976
Could the RPC service that does not start be responsible for my slow performance?   For example, I opened the device manager quickly, but when I clicked on properties for a device the properties windows never appeared (at least for 15 minutes before I rebooted).  Similar situation with Network Connections in control panel. No problem selecting the tool, but when I click New Connection, I never get the next dialog box.  The PC is not frozen, but I really can't do anything.  

This is preventing me from getting on the Internet and downloading additional utilities.

Further thoughts?
0
 
LVL 59

Accepted Solution

by:
LeeTutor earned 560 total points
ID: 13602119
Here is a very good site on the XP services, what they do, how to manage them, etc.:

http://www.blkviper.com/WinXP/servicecfg.htm

And this page describes the RPC service:

http://www.blackviper.com/WinXP/service411.htm#Remote_Procedure_Call_(RPC)

Remote Procedure Call (RPC)
This service is rather vital. Practically everything depends on this service to be running. This is also the only service that you cannot disable via the Services MMC. Previously, if you disabled this service in Windows 2000, your computer would become unbootable. What I am trying to tell you is leave this service on automatic and absolutely DO NOT disable it. If, for whatever reason, the service became disabled and you can no longer boot your system, please read the information here for a way to fix it.

Default XP Home: Automatic
Default XP Pro: Automatic
Safe Setting: Automatic

Service name (registry): RpcSs

Dependencies:

What service Remote Procedure Call (RPC) needs to function properly:

None
What other services require Remote Procedure Call (RPC) to function properly:

Background Intelligent Transfer Service
COM+ Event System
System Event Notification
COM+ System Application
Cryptographic Services
Distributed Link Tracking Client
Distributed Transaction Coordinator
Message Queuing
Message Queuing Triggers
Error Reporting Service
Fax *
Help and Support
Human Interface Device Access
IIS Admin
FTP Publishing *
Simple Mail Transport Protocol (SMTP)
World Wide Web Publishing *
Indexing Service
IPSEC Services
IPv6 Helper Service *
Logical Disk Manager
Logical Disk Manager Administrative Service
Logical Disk Manager Administrative Service
Message Queuing
Message Queuing Triggers
Messenger
MS Software Shadow Copy Provider
Network Connections
Windows Firewall/Internet Connection Sharing *
Network Provisioning Service *
Print Spooler
Fax *
TCP/IP Printer Server
Protected Storage
QoS RSVP
Remote Desktop Help Session Manager
Remote Registy
Removable Storage
RIP Listener
Routing and Remote Access
Security Accounts Manager
Distributed Transaction Coordinator
Message Queuing
Message Queuing Triggers
IIS Admin
FTP Publishing *
Simple Mail Transport Protocol (SMTP)
World Wide Web Publishing *
Security Center *
Shell Hardware Detection
System Restore Service
Task Scheduler
Telephony
Fax *
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Access Auto Connection Manager
Telnet
Terminal Services
Fast User Switching Compatibility
Volume Shadow Copy
Windows Audio
Windows Image Acquisition (WIA)
Windows Installer
Windows Management Instrumentation
IPv6 Helper Service *
Security Center *
Windows Firewall/Internet Connection Sharing *
Wireless Zero Configuration
WMI Performance Adapter
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question