[OT] Info on pseudo-BLaster worm or variant?

[Krsqk]

Sorry. Didn't think anyone would need basic information such as what OS I'm running.

I'm running WinXP Home. Everything was left on default settings (auto-detect). The only thing I've done is disable on-board sound/modem/LAN. (The on-board video was better than my old 8MB PCI card, so I kept it. )

Now that I think about it, though, I did have this happen once before my MB and old modem died. This Windows install was a brand new one, though, and on a brand-new HD. I didn't even import settings--that was a pain in the neck Last time I tried it, so I didn't bother with it this time.

I haven't tried a repair install, mainly because the sfc /scannow command didn't find any problems with Windows files.

[ January 18, 2004, 18:13: Message edited by: Krsqk ]

[Electrum]

With XP, IRQ conflicts are all but non existant. The first step would probably to make sure you have all the latest drivers, including for your new MB & Windows all updated. Then make sure your Anti-Virus is up-to-date.

[Atrocities]

Sounds like your OS is having a conflict. Let me guess, you bought an AMD cpu right?

Some installations of windows on AMD MB's and CPU's cause problems like this. If not an AMD, then perphas just a bad OS.

Good luck, we have all been there.

[Krsqk]

Nope, it's a P4 2.0 GHz, and I had WinXP on the previous install. All drivers/virus scans up to date as well. However, between running both the native Windows firewall and ZoneAlarm, as well as three anti-spyware programs, I've managed to keep the errors from happening again yet (1 1/2 days and still counting ). I've had a couple of Explorer crashes, but nothing like it was before.

I just wish I could find out what the error was. I never got a (helpful) response on techguy.org--very disappointing for a site that's always been helpful before.

[Electrum]

I stopped using ZoneAlarm as it was causing to many crashes. I started using Sygate instead.
Go into Control Panel - Administrative Tools - Event Viewer. It will tell you what software is creating the error.

[Ed Kolis]

I'm getting the forced shutdowns too; how DO you stop them? sorry I'd explain more but I have 15 sec levt!!!!

edit: OK, the system rebooted and I'm back... fortunately this hasn't happened too far into any pbw turns!

What I meant to ask is, how do you disable the "shutdown on RPC error"?

More info that might help... I scanned my system with a free virus scanner (AntiVir Free Edition) and it found LoveSan or some such virus; it said the file c:\windows\system\msrc.exe or somesuch (maybe it was system32, or msfc) was infected, and I did find a registry entry (using FreshDiagnose) that was loading that file on startup - dunno if it's a real Microsoft file or not, but I deleted the entry and it hasn't made things any worse. I did recently reformat my c: partition because I was having other troubles which seemed to be a virus, but either I got reinfected Online or from my other partition where I kept most of my data and applications. (Maybe I need more partitions so I can eliminate them one by one instead of all the data/apps/games/etc. all at once... but then it's a pain to resize them when they've already got data... )

[ January 20, 2004, 02:32: Message edited by: Ed Kolis ]

[Krsqk]

1) While disconnected, open Control Panel -> Administrative Tools -> Services.
2) Find the Remote Procedure Call process and right-click on it and select Properties. [Note: there is also a Remote Procedure Call Locator process--the one you want should be right above it.]
3) Select the Recovery tab and change each of the first three drop boxes to "Take No Action." Click OK and exit out to desktop.
4) Go Online to http://securityresponse.symantec.com...oval.tool.html and download the FixBLast.exe BLaster worm removal tool. Follow the instructions for its use (may need to reboot and run in Safe Mode once, then reboot and run again in Normal Mode). Do not forget to disable System Restore before running the utility--future restores may bring back the worm. (Instructions for disabling System Restore available here.)
5) [Optional, but recommended, step]. Enable the Windows firewall (or another firewall, such as ZoneAlarm). This should prevent any remaining worms/trojans from accessing the Internet and allow you to complete your download in (relative) peace.
6) Go to Windows Update and download any security patches/critical updates/hotfixes they have for you.
7) You may also wish to navigate to http://grc.com/freepopular.htm and check out the DCOMbobulate and UnPNP freeware that is available there, as well as many other nifty (and tiny) progs. They tend to disable many security holes M$ left enabled for all us home-based end-Users who want to feel like corporate network administrators and computer programmers all rolled into one.
8) Oh, and once you're finished, go back and restore the original RPC service settings, or at least change it to "Restart Service."

[ January 20, 2004, 04:12: Message edited by: Krsqk ]