MSBlast and its variants: any other options to fix it?

Posted on 2011-04-24
Last Modified: 2012-08-13
Yes, I've tried googling the answers, and I found 2 'fixes' from Symantec that were supposed to resolve my problem: fixblast and fixwelchia.

This system is shutting down. Please save all work in progress
and log off. Any unsaved changes will be lost. This shutdown
was initiated by NT AUTHORITY\SYSTEM

Windows must now restart because the Remote Procedure Call
(RPC) service terminated unexpectedly

Running both, they found nothing, and now my computer just refuses to boot. Currently in the office so I thought I'd see if anyone else can tell me if there's anything else I can try for this problem.

Would appreciate any useful reply. Thanks in advance.

Question by:Keyven

    Assisted Solution

    I haven't seen Blaster worm for years.  Both those tools you mention have not been updated for several years.  What makes you think it is this infection?

    I suggest you download Mbam:

    Update it and then run a full scan.  Post the log here for review.

    Assisted Solution

    And run this one too: Spybot:

    Assisted Solution

    Make a rescue CD and boot from it and try cleaning the system.

    1.  Download AVG rescue CD (download the ISO file).

    Here's the AVG CD rescue guide if needed.

    Download/install Active@ ISO Burner

    After you install the ISO Burner, just insert a blank CD in the drive,
    then double-click the AVG Rescue CD.iso you downloaded and Active@ ISO Burner should start "Burn".

    Once the rescue CD is made, use it to boot up the computer.
    At the update screen, choose Update from internet if you have an internet connection,
    then run a scan. Choose to Rename the infected file, don't choose Delete!

    2.  Alternatively, you can use DrWebLiveCD.
    Download and burn the iso using ISOBurner and once made boot from it and scan the system.

    3. OR, the FREE F-Secure Rescue Bootable CD to clean virus and malware.

    Accepted Solution

    As others have already posted, Windows was patched some time ago to deal with Blaster and its clones, so if you have SP3 it is a different nasty.
    As advised above, try creating a bootable disk so only known processes are running while looking for the culprit.

    If you need to disable the countdown due to the RPC shutdown you can do this by:

    Before or while the shutdown message is displayed, open a Run box (Start>Run or Windows Key + 'R') and enter SHUTDOWN -A. This will suspend the process as a temporary measure.

    If you have XP Pro open a run box and enter services.msc

    From the list of services that appear find Remote Procedure Call (RPC) [Not (RPC) Locator] - right-click - choose Properties and go to the Recovery Tab

    Change the settings from "Restart the Computer" to "Take No Action"

    This is just a temporary workaround while you are solving the problem, and you'll need to restore the settings once you have finished your clean-up, but it will allow you access to your infected computer without the timeout.
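
The workaround in the accepted answer, as a command-line script (an added example, not part of the original thread). It assumes Windows XP Pro, an administrator account, and that the service shown as "Remote Procedure Call (RPC)" has the short name RpcSs; the restore values are also an assumption, so compare them with the saved file.

```batch
@echo off
rem Added example, not from the thread: command-line form of the workaround above.
rem Assumption: RpcSs is the short name of "Remote Procedure Call (RPC)".
rem Confirm with: sc getdisplayname RpcSs
setlocal
set SVC=RpcSs
set SAVED=%TEMP%\%SVC%-recovery-before.txt

if /i "%~1"=="off"     goto off
if /i "%~1"=="restore" goto restore
echo Usage: %~nx0 off ^| restore
exit /b 1

:off
rem Abort a countdown that is already running (reports an error if none is pending).
shutdown -a
rem Keep a copy of the current recovery settings so they can be put back later.
if not exist "%SAVED%" sc qfailure %SVC% > "%SAVED%"
rem An empty action list is the same as "Take No Action" on the Recovery tab.
sc failure %SVC% reset= 0 actions= ""
sc qfailure %SVC%
exit /b 0

:restore
rem Show what was saved, then put back "Restart the Computer".
rem Assumed original delay: 60000 ms. Adjust to match the saved file.
if exist "%SAVED%" type "%SAVED%"
sc failure %SVC% reset= 0 actions= reboot/60000
sc qfailure %SVC%
exit /b 0
```

Run it with `off` before starting the clean-up and with `restore` once the machine is clean, so the service goes back to rebooting on failure.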


    Author Closing Comment

    Thanks for the answers. My computer decided to just stop booting up altogether so I had little choice but to reinstall the damn thing. Guess it was for the best because it had no end of surprises to throw at me.
