All About Richmond Newsletter
 

 
 


 
 

August 12, 2003

Computer Shutting Down By Itself?

It has been brought to my attention that over the past two days numerous people have been getting hit with their computer freaking out and RPC services shutting down the system.  This will typically involve anyone running XP.

Microsoft has announced that there is a new worm that is going around infecting computers that are vulnerable.  We have already had a few members who have this problem.  This worm ONLY affects those of you with Windows NT 4.0, 2000, XP, or 2003.  This does not affect those of you with Windows 95, 98, or ME.  So, if you have Windows 95, 98, or ME you can disregard this e-mail.

This worm exploits a security hole in the Windows DCOM RPC service.  When someone who has the worm is online, it scans the Internet for other computers that have not patched this security hole and attempts to install itself on them.  Most people experience a pop-up window that says 'RPC Services have stopped' and then it restarts the computer.  If you have this problem you will get disconnected and your computer will reboot.

To fix that, do the following (offline):

1.  Click Start > Run
2.  Type 'services.msc' (without quotes) and click OK.
3.  The Services Administration box will appear.  On the right-hand side, all of the services on your machine are listed in alphabetical order.
4.  Scroll down until you see 'Remote Procedure Call (RPC)'
5.  Double-click 'Remote Procedure Call (RPC)'
6.  Under 'First Failure', 'Second Failure' and 'Subsequent Failures', change the option from 'Restart your computer' to 'Take no action'.  Click OK, and exit the Services Administration box.

Please Note:  Ignore the second RPC service labeled with 'Locator'.

Once that is finished, your computer won't unexpectedly restart.  After that you can go online to the following link:

http://support.microsoft.com/?kbid=823980

Scroll down to the 'Resolution' section and select your version of Windows to download and apply the patch.  After the patch is installed, restart your computer and follow the same steps above to change your service recovery options back to the way they were.  That is, change them from 'Take no action' back to 'Restart your computer'.
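
The same recovery-option change can also be made from a command prompt.  The script below is an added example, not part of the original newsletter.  It assumes an administrator account and sc.exe (included with Windows XP and Server 2003); the file name rpc-recovery.cmd, the backup file location and the 60000 ms restart delay are assumptions.

```batch
@echo off
rem Added example, not from the original newsletter.
rem   rpc-recovery.cmd off      run before going online to download the patch
rem   rpc-recovery.cmd restore  run after the patch is installed and the PC restarted
setlocal
rem RpcSs is the service shown as 'Remote Procedure Call (RPC)'.
rem The 'Locator' service (RpcLocator) is deliberately left alone.
set SVC=RpcSs
rem Assumed location for a copy of the settings as they were before the change.
set BACKUP=%TEMP%\rpcss-recovery-before.txt

if /i "%~1"=="off" goto :off
if /i "%~1"=="restore" goto :restore
echo Usage: %~nx0 off ^| restore
exit /b 2

:off
rem Record the current recovery options so they can be compared later.
sc qfailure %SVC% > "%BACKUP%"
if errorlevel 1 (echo Could not query %SVC%. & exit /b 1)
rem actions= "" corresponds to 'Take no action' for every failure.
sc failure %SVC% reset= 0 actions= ""
if errorlevel 1 (echo Could not change the recovery options. & exit /b 1)
goto :show

:restore
rem One reboot entry each for First, Second and Subsequent failures.
rem The 60000 ms delay is an assumption; compare with the saved copy in %BACKUP%.
sc failure %SVC% reset= 0 actions= reboot/60000/reboot/60000/reboot/60000
if errorlevel 1 (echo Could not change the recovery options. & exit /b 1)

:show
sc qfailure %SVC%
rem Match the action line only; "REBOOT_MESSAGE" is always present in the output.
sc qfailure %SVC% | find /i "REBOOT --" > nul
if errorlevel 1 (
    echo %SVC% will NOT restart the computer on failure.
) else (
    echo %SVC% will restart the computer on failure.
)
exit /b 0
```

Run it with 'off' while disconnected, install the patch, restart, and then run it with 'restore'.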

After all that is done, you will have no problems with that exploit.  But please remember, run Windows Update periodically and keep your Virus Scanners up-to-date!

More information about this exploit and worm can be found at the following links:

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547
http://support.microsoft.com/?kbid=823980
http://www.sophos.com/virusinfo/analyses/w32blastera.html
http://www.blackviper.com/AskBV/tech10.htm

Microsoft recognizes this exploit here:
http://support.microsoft.com/?kbid=823980

Thanks to Jeremiah at Klondyke's Online Services

Thanks for visiting!
Jim Hanus

www.AllAboutRichmond.com
email: list@allaboutrichmond.com

 
     

All About Richmond is sponsored and maintained by Jim Hanus and Michigan Imaging Supply L.L.C.
Last updated 02/20/2008 06:51:52 AM.