Dyl Ulenspiegel
11-08-2003, 18:07:05
In the latest show of computer oddities, I get a pop up telling me that remote procedure call has been terminated, and windows NT (I have XP) has to be ended. I get one minute, then windows shuts down and reboots.

This PC isn't on any network. Has it got to do with the home-network it shows in the explorer? Wtf is this? How can it be cured?

And don't forget that I'm pretty much computer illiterate, so don't call me stupid and keep it simple. Or call me stupid, as long as you have a simple answer...

11-08-2003, 18:14:43
Install Linux, stupid.

XP is NT 5.1. The RPC services are required for the operating system to, um, work. But assuming you didn’t close anything with Task Manager yourself, I have no idea what happened.

Dyl Ulenspiegel
11-08-2003, 18:17:07
There's a folder "NT authority", whatever this is. Funny thing is, it came suddenly, didn't change anything before.

And there it is again.

11-08-2003, 21:15:59
Linux is fantastic, unless you're the owner of a Geforce MX 400. The 3d-accelerated Nvidia binary-only drivers leak memory and crash the machine regularly. I eventually gave up and switched to the open-source 2d XFree86 nv driver, and the machine is now stable again.

I suppose it's really Nvidia's fault, but they didn't have to write a driver at all. At least I can load it when I want to play 3D games, though the driver is so nasty that a reboot is required to get it completely out of memory.

11-08-2003, 23:34:00
RPC is a kludge a pre-CS student made up decades ago, and it's a huge security hole that is finally being publicly exploited by script kiddies. And it is just as bad on IBM's admitted SCO owned Linux as it is in any Windoze product.

Roland, I don't know what your system was doing, but it sounds suspicious. I'd advise a few security oriented tool usages... an anti-virus and a spybot check. There's a few new nasties going about, making use of the old RPC holes.

12-08-2003, 02:41:02
You twat!

You didn't keep up to date on security updates, now you got your ass owned by a worm.

Maybe next time you'll actually update like you're supposed to.

12-08-2003, 03:23:12

Click the removal link and do what it says! It's nasty.


Read and do this too.

Dyl Ulenspiegel
12-08-2003, 06:43:47
Thanks zmama.

Asher: Funny, I have an online virus checker from the provider, but it seems to have holes or it's not working properly. Will check this, you cunt.

12-08-2003, 07:05:22
I recommend a firewall. I had the same problem but the firewall blocked the internet access.

Strange enough I don't know where the infection comes from. I usually use a firewall and a virus scanner. I sometimes turn them off while ftp-ing via my html-editor, because the glorious software crashes from time to time if I use the firewall/virus check.
The problem occurred after I did the upload of the paintings. I probably forgot to re-activate the firewall.

Sir Penguin
12-08-2003, 07:09:09
Originally posted by Dyl Ulenspiegel
Thanks zmama.

Asher: Funny, I have an online virus checker from the provider, but it seems to have holes or it's not working properly. Will check this, you cunt.

It's not a virus scanner that's the issue, it's installing the Windows critical updates. They're critical for a reason. :)


Dyl Ulenspiegel
12-08-2003, 07:21:40
Gawd, if only normal product liability laws applied to microsoft....

12-08-2003, 07:29:47
Eat my EULA

Dyl Ulenspiegel
12-08-2003, 07:33:11

Sir Penguin
12-08-2003, 07:36:03
I always used to think that a EULA was part of Eudora.


12-08-2003, 07:39:18
EULA. A bird.

Dyl Ulenspiegel
12-08-2003, 07:44:28

Guess I'll have to look up the microcrap patches. * Gag *

Sir Penguin
12-08-2003, 08:21:04
You know that there's a "Windows Update" utility in XP that does it for you?


12-08-2003, 08:26:07
"The worm also attempts to perform a Denial of Service (DoS) on windowsupdate.com. This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability"

Dyl Ulenspiegel
12-08-2003, 08:27:19
I hate letting XP do anything. But I'll reconsider it.

12-08-2003, 10:35:58

Qaj the Fuzzy Love Worm
12-08-2003, 19:56:24
This is great. A worm that prevents you from fixing the hole that lets the worm propagate.

They should have included all the major virus checker companies in the DDoS if they wanted to really be sure no-one could fix it, but I guess they're just not that malicious. Ha!

And I'm amused by this because for the past 5 hours I've been running around at work trying to stop the spread of the damn thing, only to find that the last two procedures for getting rid of it have been flawed... :D

Dyl Ulenspiegel
12-08-2003, 20:36:44
I downloaded the symantec program and the MS patch over the laptop. Seems I got rid of the damn thing...

12-08-2003, 21:01:33
Unlike Windows 2000, Linux does not need RPC. AFAIK, the only ports listening on my machine are TCP 631 and UDP 631. I was too lazy to read the CUPS documentation to see if there wasn't some way to make the printing service local-only like X with the -nolisten option. If I had a connection that warranted a firewall, I'd take care of it.

12-08-2003, 21:47:59
Windows only uses the RPC for talking with *NIX machines, last I checked. They've got their own several ways to request a Windoze machine run a process. We found several holes in those as well, but that was years ago that the first holes got corrected (back in the NT 3 and 3.1 days).

22-08-2003, 17:36:31
I got blasted yesterday. On dialup no less. In fact, the firewall I installed detects attacks within minutes of connecting. Kerio and ZoneAlarm seem to do the job. I got rid of the worm using housecall.trendmicro.com. In my case, I had to restore my original system files by booting off the Windows 2000 CD and doing a "Repair". After that, I went to the MS Windows Update site to apply all the fixes available. Not that it matters because the firewall is working, but if I ever have the firewall stopped for a few seconds, then it would be nice to have a small chance of defeating an attack. :)

22-08-2003, 19:46:24
My personal ISP provider blocked out Blast and its variants about the first day it was in the general IT buzz news. But I still keep my machine up to date. These days, if someone releases the details of an exploit to a security list, there will be a new exploiter (worm or virus) within 6 weeks of the details being dropped. You'd think that would make it easy to find these bozos...

MSBlast is an excellent example of open source development. Someone made some crappy code that just happened to work. It got picked up and expanded to 3 flavors of Windoze. Which got picked up and fixed to work on all but Windows 3.1/95/98. And then it got picked up and refined to blast out 300 attacks per attack cycle... Nice work, Open Source! Now if only you could do that with something useful, in such short time. ;)

29-08-2003, 19:10:22
Some dummy got caught by the FBI for distributing a variant of MSBlast.


30-08-2003, 04:27:19
Yeah, but how did he get caught? I heard on the news that one of his "friends" saw him "testing" it, and called it into the FBI.

Of course, that's how they catch most of the virus writers... their friends turn them in. Lesson: Be an anti-social hermit if you are going to write viruses for fun. ;)

30-08-2003, 05:13:20
I recall from the article that this guy was so dumb, he put a reference to his website somewhere in the code. Find the string, go to the registrar, get the record, track the money. Not a smart individual.

30-08-2003, 06:41:22
He was a very big idiot, indeed. He'll go away for life for that stunt. Or close enough for government work...

31-08-2003, 04:09:56
That works for me. The original creator of Blaster should be set on fire and shot out of a cannon.