• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 462
  • Last Modified:

MSBlast and its variants any other options to fix it?

Yes I've tried googling the answers, and I found 2 'fixes' from Symantec that was supposed to resolve my problem: fixblast and fixwelchia.

================
This system is shutting down. Please save all work in progress
and log off. Any unsaved changes will be lost. This shutdown
was initiated by NT AUTHORITY\SYSTEM

Message:
Windows must now restart because the Remote Procedure Call
(RPC) service terminated unexpectedly
===================

Running both, they found nothing, and now my computer just refuses to boot. Currently in the office so I thought I'll see if anyone else can tell me if there's anything else I can try for this problem.

Would appreciate any useful reply. Thanks in advance.

0
Keyven
Asked:
Keyven
4 Solutions
 
phototropicCommented:
I haven't seen Blaster worm for years.  Both those tools you mention have not been updated for several years.  What makes you think it is this infection?

I suggest you download Mbam:

http://www.malwarebytes.org/products/malwarebytes_free

Update it and then run a full scan.  Post the log here for review.
0
 
nobusCommented:
and run this one too :   Spybot :        http://www.download.com/3000-8022-10122137.html
0
 
rpggamergirlCommented:
Make a rescue CD and boot from it and try cleaning the system.

1.  Download AVG rescue CD.(download the ISO file)
http://www.avg.com/us-en/download-file-cd-arl-iso

Here's the AVG CD rescue guide if needed.
http://www.avg.com/us-en/226386

Download/install Active@ ISO Burner
http://www.ntfs.com/iso-burning.htm


After you install the ISO Burner, just insert a blank CD in the drive,
then doubleclick AVG Rescue CD.iso you downloaded and Active@ ISO Burner should start up...click "Burn".

Once the rescue CD is made, use it to boot up the computer.
At the update screen, choose Update from internet if you have internet connection.
then run a scan....choose to Rename the infected file, don't choose Delete!



2.  Alternatively, you can use DrWebLiveCD.
Download and burn the iso using ISOBurner and once made boot from it and scan the system.
http://download.geo.drweb.com/pub/drweb/livecd/drweb-livecd-600.iso


3. OR, the FREE F-Secure Rescue Bootable CD to clean virus and malware.
http://www.techmixer.com/free-f-secure-rescue-bootable-cd-to-clean-virus-and-malware/
0
 
☠ MASQ ☠Commented:
As others have already posted Windows was patched sometime ago to deal with Blaster and it's clones so if you have SP3 it is a different nasty.
As advised above try creating a bootable disk so only knw processes are running while looking for the culprit.

If you need to disable to countdown due to the RPC shutdown you can do this by:

Before or while shutdown message displayed open a Run box (Start>Run or Windows Key + 'R') and enter SHUTDOWN –A  this will suspend the process as a temporary measure.

If you have XP Pro open a run box and enter services.msc

From the list of services that appear find Remote Procedure Call (RPC) [Not (RPC) Locator] - right-click - choose Properties and go to the Recovery Tab

Change the settings from "Restart the Computer" to "Take No Action"

This is just a temproary workaround while you are solving the problem and you'll need to restore the settings once you have finished your clean-up but will allow you access to your infected computer without the timeout.



0
 
KeyvenAuthor Commented:
Thanks for the answers, My computer decided to just stop booting up altogether so I had little choice but to reinstall the damn thing. Guess it was for the best because it had no end of surprises to throw at me.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now