View Full Version : Help-computer -help
August 11th, 2003, 5:29pm
I keep gettting an remote prodedure call(rpc) and get kicked off windows -it shuts down my computer. I can't get into admin. mode to run windows update since last week. Our password doesn't work anymore????? Is there anyway around it--we have windows xp proffe
August 11th, 2003, 8:07pm
Are you getting an error code? I don't really know much about this, but you can do a search at http://support.microsoft.com
There are several articles there pertaining to this problem. Just type Remote Procedure Call into the search bar and browse. If you have an error number or code, I can probably help you.
August 11th, 2003, 8:26pm
Have you kept up on your critical updates before now? I don't want to spook you, but I went and copied this from another site that someone there posted a while back. Alot of people were hit by this and major patching was going on all over the place. People's boxes were messed up bad enough over this they were talking a complete reformat. Go to the XP area at Microsoft and see about other critical updates.
I've noticed a worrying number of people aren't aware of the latest Windows vulnerability detailed on July 16th: a bug in the RPC/DCOM service allows REMOTE ROOT ACCESS to your system. Exploits are already in the wild and I can pretty much guarantee it won't be long before a worm comes out that auto exploits this and causes a huge mess.If you use Windows NT, 2000 or XP you are vulnerable. If you have a router or firewall, you likely cannot be exploited over the Internet but you should patch this all the same. The exploit can be delivered via port 135, 139 or 445 - these are all usually listening by default on Windows.The current exploits are rather crude and usually result in RPC services crashing and the machine auto-rebooting - if you've seen a message informing you the system will auto-restart in 60 seconds or something similar, this is the exploit hitting your machine. If the attacker guessed your operating system correctly, they likely are already connected with full access to your system. You should install the patch ASAP and do an up to date virus scan and look for any suspicious programs running. It won't be long though before more sophisticated exploits take the form of worms that won't crash RPC services and attempt multiple times to gain access to your box.
Microsoft TechNet Bulletin: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
You can get the patch from Microsoft here: http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
UPDATE: If you are getting DCOM/RPC/svchost.exe crashes after installing the patch, this is a separate issue. Microsoft hasn't released an update for this one yet, but it's coming soon - keep your eyes open on Windows Update or TechNet. To work around this in the meantime, I recommend you install a firewall and block incoming ports 1-1024.
August 11th, 2003, 8:49pm
I don't know if you want to go this far or not, but if all else fails and your password still won't work after patching you can check this out on Tech TV. There's a video there showing them running this program. Pretty cool actually.
August 11th, 2003, 8:54pm
I was getting the same thing happening to me. I would be online then all of a sudden I would be notified to save my stuff and I would be disconnected and it was due to a Remote Procedure Control interruption. I went to my ISP and they suggested I enable my ICF or internet connection firewall which you can find under the control panel and under network connections then select the Connection you want to enable ( you may have several different ISPs) then under the properties find the "advanced tab" then you should make sure you CHECK the box that will say protect my internet connection.
If this is confusing go to Help and Support under Windows XP and look up ICF or Internet Connection Firewall. And look up how to enable it.
Secondly you SHOULD go to windows update and you should also consider updating. Now this was suggested since I have Windows XP Home, so have YOUR computer check for available updates APPROPRIATE for YOUR system.
The Internet Connection Firewall (ICF) should be enabled on all connections to the Internet. I suggest you to enable your Firewall. In addition, I suggest that you install this Windows update 823980 found at
http://support.microsoft.com/?kbid=823980 if you have windows XP home. If not just check to see if you need it. You probably will need it.
August 11th, 2003, 9:17pm
I had the very same problem. I downloaded a patch from symantec and also activated my firewall. On the symantec website says the problem is a worm/virus. In some cases it is transmitted through msn messenger..so everyone beware and take precautions.
August 11th, 2003, 9:26pm
i have this same prob it just started today i was kicked off over 9x in the last 45 mins
August 11th, 2003, 9:42pm
Here is a microsoft # to call about this problem:
I had a problem today and called sbc and was given this #.
August 11th, 2003, 9:54pm
i am getting the same thing and my computer shuts down so i called my internet service provider and they said that they have a trojan virus
August 11th, 2003, 10:01pm
It is a virus, we had it earlier on all 4 computers in the house. We had to download an update from Symantec to fix it. It involves going into the registry. Hopefully by morning they will have a removal tool out. Here is the link for symantec's info.
August 11th, 2003, 10:03pm
OMG!! Here I've spent all day fighting with this - thinking it was just me! Thanks for all the advice - I'll keep checking this thread...(XP home here - same error, downloading patches as we speak).
BTW - how do I block the incoming ports mentioned?
Thanks! (not feeling so alone anymore!)
:smile3: :smile3: :smile3:
August 11th, 2003, 10:28pm
Just read thid from CNN, could this be the problem?
WASHINGTON (AP) -- A virus-like infection that was the subject of urgent U.S. government and industry warnings spread rapidly Monday across the Internet, causing computers to mysteriously restart and coordinating an electronic attack against Microsoft Corp.
Security experts said the infection, which exploits an unusually dangerous flaw in Windows software, wasn't yet seriously disrupting Internet traffic but posed that risk as it was expected to continue spreading quickly overnight.
Researchers discovered it about 3 p.m. EDT, and reported tens of thousands of infected computers inside universities, businesses and homes.
"It seems to be taking off fairly quickly," said Johannes Ullrich of Boston, who runs the D-Shield network of computer monitors.
Infected computers were programmed to automatically launch an attack on a Web site operated by Microsoft on Saturday. The site, windowsupdate.com, is used to deliver repairing software patches to Microsoft customers to prevent against these types of infections.
Microsoft offers a free patch on the Web site to protect Windows users.
The infection was quickly dubbed "LovSan" because of a love note left behind on vulnerable computers: "I just want to say LOVE YOU SAN!" Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"
Government and industry experts have anticipated such an outbreak since July 16, when Microsoft acknowledged that the flaw affected nearly all versions of its flagship Windows operating system software. (Full story)
"It's much too early to expect to see any (Internet slowdowns) whatsoever," said Vincent Gullotto, a vice president at Network Associates Inc. "It really depends on how much it spreads."
The Microsoft flaw affects Windows technology used to share data files across computer networks. It involves a category of vulnerabilities known as "buffer overflows," which can trick software into accepting dangerous commands.
August 11th, 2003, 10:29pm
In XP click Start
That should do the trick. Good luck!
August 11th, 2003, 10:34pm
It kicks me off after about 2 minutes --we couldn't get the patch to run last week-because -admin. mode wouldn't let us in ---our ip said it prpbably had locked you out already then. Think it'll be going to the shop tomorrow to get fixed .IP said it's spread across the internet. We tried a few things and nothing worked--thanks --can't believe I was able to write this and not get booted again.
August 11th, 2003, 11:22pm
What You Should Know About Microsoft Security Bulletin MS03-026
Security Update for Microsoft Windows
July 16, 2003
Are You on a Network?
If your computer is part of a managed network, contact your organization's system administrator before making changes to your computer.
Why We Are Issuing This Update
A security issue has been identified that could allow an attacker to compromise a computer running Microsoft® Windows® and gain control over it. You can help protect your computer by installing this update from Microsoft.
Products Affected by This Update
The following products require updating:
Microsoft Windows NT® 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003
How to Check Which Version You Have
If you are unsure whether a product you are running is affected by this issue, check the version.
To determine which version of Microsoft Windows you are running:
On the taskbar at the bottom of your screen, click Start, and then click Run.
In the Run dialog box, type winver
A dialog box displays the version that you are running.
Get the update or learn more about it.
August 11th, 2003, 11:48pm
If you have access to a burner here's a file you burn to a CD and boot from that will let you reset passwords.
Maybe I just installed it a little different, but I run XP Pro and don't need to go into the admin area to run Windows update. If you've got more than one user logging on next time give yourself admin privledges. Good luck on getting this mess straightened out.
August 11th, 2003, 11:49pm
I posted this problem on a techie board because I Was curious. Here's the reply I got. He wanted to know if my friend was his mom. :)
August 11th, 2003, 11:51pm
This too: http://support.microsoft.com/?kbid=823980
August 11th, 2003, 11:58pm
The same thing happened to me. I call my ISP and they suggested I use this Url
I had to download it and then start again as the time only gave me 58 seconds or a minutes. Finally got it to work and now it seems to be back in balance.
August 12th, 2003, 12:27am
I've been online for fifteen whole minutes!!!!!:D
August 12th, 2003, 12:52am
BEWARE! Some users who have the virus have reported that while they were
attempting to download the patches from Microsoft, the virus rebooted
their computer. There is little chance of damage from this and it will be
possible to eventually receive the patches from Microsoft even if you are
infected and the virus reboots your computer. Just keep trying to get the
XP users can prevent this from happening by turning on Internet Connection
Firewall in their connection profile. IF YOU ARE AN XP USER, right click
on your connection icon, left click on Properties, click the Advanced
Tab, and place a checkmark next to "Internet Connection Firewall." This
will allow you to download the patches without the virus rebooting your
To fix this, you must edit your Windows registry. It is extremely
important that you follow these set of instructions very carefully.
Enter.net is not responsible for any damage to your computer from
following these instructions. If you don't feel competent to perform
this service, you should contact your computer dealer/consultant, or
Enter.Net's in-house service department.
1. Click Start, and then click Run. (The Run dialog box appears.)
2. Type regedit
3. Then click OK. (The Registry Editor opens.)
4. Navigate to the key by clicking on the plus next to each section:
5. In the right pane, delete the value:
"windows auto update"="msblast.exe"
6. Exit the Registry Editor by click the x in the top right corner.
August 12th, 2003, 8:34am
I would like to thank eveyone for their replies. But because we can't get into our administraive mode--our password won't work. We can't run any of the patches or anything. It has to go through there to do anything and we're locked out for some reason. So if I'm lucky I get 5 minutes. Thanks
Hopefully it'll get fixed by the weekend:( :( --
August 12th, 2003, 11:34am
I would also thank everyone for their help. I am now up and running with no problems at all and it saved me a lot of time trying to figure out what the problem was and how to fix it.
August 12th, 2003, 3:20pm
This has been an awful 24 hours. First, two keys (h and g) on my keyboard have quit working. Cleaning does not help.
Then yesterday morning I couldn’t stay on the Internet. I kept getting kicked off after about 30 seconds and windows would re-start. After 2 ½ hours on hold with Earthlink, I was told that I needed to download a patch. Well, how can I do that when I cant stay on connected? The answer was to go to library or find a friend wit h an Internet connection. So, at 10PM I head next door and downloaded the patch to a floppy. I installed it and it worked fine. I went to bed thinking everything was OK.
Wrong! This morning I start getting a message that I have a virus. I just finished cleaning it up. The best information that I could find was it www.symantec.com
They have a w32.blaster.worm removal tool that seems to work well. And, links to Microsoft for the patch.
Hopes this helps someone. Its not easy typing without h and g! Now, anybody have any hints for my problem?
August 12th, 2003, 6:46pm
You might want to read this too.
Removal tool is here:
August 12th, 2003, 7:00pm
You all all WONDERFUL!!! Thanks for all the help on this one!
The best tip (from this person - who just got through it) is go to the Symantec site and get the removal tool. Do that FIRST! Get rid of *&^* thing, get system running normally again, and THEN go get all the Microsoft patches...
Removal tool worked VERY well! System is just about back to normal now.
Thanks also for tips (firewall settings, etc).
Any tips on how to block incoming ports? (that's going to be my last 'fix) on this stuff (I hope!!)
Good luck everyone and thanks again!!!
August 12th, 2003, 9:57pm
I have found that ZoneAlarm is one the best firewall programs to use. To block your ports you just have to configure your security settings with the program you are using.
August 12th, 2003, 10:24pm
Looks like you all have a lot of feedback. Here's just one more: (HTTP://MICROSOFT.COM/TECHNET/TREEVIEW/DEFAULT.ASP?URL=/TECHNET/
This will take you to the Microsoft Blast virus page. If you suspect infection, they recommend that you either search your files or folders for msblast.exe. If the virus is there, it will show up your Windows System32 directory, or you can download the latest version of your antivirus software and scan your harddrive.
Here's a quote form the Microsoft recovery page:
"Security best practices suggest that previously compromised machines be wiped and rebuilt to eliminate any undiscovered exploits that can lead to a future compromise. See: www.cert.org/tech_tips/win-UNIX-system_compromise.html
August 12th, 2003, 11:55pm
You can test your shields here: http://grc.com/default.htm
It really is amazing how much difference there is when you're running zone alarm or going through a router.
On my old PC on a dial-up connection, port 35 was never protected, but it is now!
August 16th, 2003, 6:56pm
I'm back and on-line:cheer: My brothers roomate had to totally wipe out my whole computer. This was the 2nd computer he saw that got locked out of administrative mode(windows XP Professional). In order to run any patch or firewall you must go thru there. We set it up that way. He gave us a disk if for some odd reason this would occur again. I was going nuts not being able to play my sweeps.
August 16th, 2003, 7:59pm
Glad you're back. I know it's awful to have to re-format, but from what I'm hearing, that's really the best solution in the long run.
Now go WIN something!