RPC Restarting Issue

Mark

Right this has only seemed to start in the last half hour or so.

Basically people are getting random restarts or a little window telling them they have 60 seconds to pish off before restart.

What worked for me was:
Control Panel--->Admin Tools--->Services

Right click on Remote Call Procedures, go to properties and set it to "Take No Action".

I posted here to reach the most people, lord knows why it's happening.

Many people encounter it?

MrPinK

Apparently it's the result of someone trying to run an exploit on your machine

http://www.boards.ie/vbulletin/showthread.php?s=&threadid=109542

PiE

Got it a few mins ago myself.

Fix

tman

cheers guys, i was beginning to panic there (downloading the fix in PiE's post atm)

l3rian

yea, this has happened 3 times to me, thx for fix


omg it just happened again

Tellox

yeah,I've been getting it all day today and all day yesterday! whats going on loike?

just happened to me less then a minute ago too

Makaveli

Just happned to me a couple of minutes ago too.

Cremin

run > cmd > 'shutdown -a' stops it immediately, and for me has stopped it popping up again. Might be worth a try

sionnach

the fix in pie's post stopped it for me thx pie

Zaphod B

Problem I had was it didn't give me time to download and run the fix before it had shut down. McAfee told me it was at c:\windows\system32\ (the file was mscrash.exe or something very similar sounding, definitely began with ms) but of course wouldn't delete it, eventually I stopped it by closing McAfee, repeatedly asking Task Manager to stop the exploit file, then repeatedly attempting to rename or delete the file until it finally stopped bleeting about the file being protected and let me rename it. It bleeted a bit more about protected file, then I deleted it after a few tries.

THEN I downloaded the fix.

As usual, my question is WHY? How petty and lame do you have to be to cause this? It's not even impressive or clever, as though they've created something here. It's just another pointless little exploit which does nothing except to make the people responsible feel a little bit bigger. Personally I'm sick of the whole mentality we've had to adopt of casually going "Ah. Another exploit fvcking up my machnie. I wonder if there's a fix anywhere." Get used to it? WHY THE FVCK should we? Instead, why don't the people responsible get used to going outside occasionally or doing something else other than being petty and causing random ordinary people grief?
Rant over... til next time.

dahamsta

I find that filling my sink with water and carefully submerging my computer while still connected to the mains cures the problem permanently. To upgrade your machine with Microsoft Plus, make sure you hold the tap and the chassis of your computer firmly when performing the fix.

Muppets. That vuln was announced four weeks ago. How hard is it to go Windows Update once a week and check for patches?

Zaphod B, this isn't a trivial vulnerability. See the FAQ here.

adam

l3rian

if its not broken why download a fix... i only gte those updates when something isnt working, saves time really, if i was to bother getting ever update "once a week" i would have wasted too much time, when i can spend 10 minutes once a year downloading a 1mb file (yes first problem in 1 1/2 years of totally non updated xp)

tman

Originally posted by dahamsta
How hard is it to go Windows Update once a week and check for patches?

some of us 56k'ers have more important things to use our bandwidth on... pr0n for example.

i'm going to start doing that now myself, should take ages to get it all up to date, i haven't updated xp at all since sp1:rolleyes:

Zaphod B

Amen. Dahamsta thanks for confirming that I am indeed a muppet, ffs no I don't check for updates on a weekly basis as I really shouldn't have to (back to my point about Putting Up With Sh!t) but from now on I will since some c0cks feel it is necessary to screw with my machine. I didn't suggest it was trivial, what I did was to say it has no useful purpose except to make those responsible feel a bit more important than the petty, usually pretentious little w@nkers they are. I should know it's not trivial, I'm the one who couldn't get his computer to remain operational for more than a minute at a go.

Sorry hamsta but try and bear in mind that some of us just want to use our computers for the purposes for which we bought them without having to take time to accomodate the assholes who want to mess up our machines for no good reason. As for the announcement, bear in mind that some of us feeble plebians don't visit http://marc.theaimsgroup.com weekly, or ever for that matter. Fecksakes have some sympathy for us, we're simple

Little edited thingy at the end: I have Windows Auto-Update, so I get patches every couple of days. Clearly it didn't download this update if it was 4 weeks old. Foolishly I assumed that having Windows update automatically might actually give me patches that protect against exploits completely f*cking up my computer. That is why I didn't feel it necessary to visit the website.

Redshift

I think alot of people don't realise how big a security hole this is this is an extract from a tutorial on how to run this exploit

Now when you type a command it will be executed on the victims machine.. We
want to change the victims password to the administrator account. So type

"net user Administrator <newpass>" replace <newpass> with a new password you
want to use.

Now to make lifer easier we are going to use a tool intigrated with windows
xp.. Enter run and type "mstsc" and press "ok"
The Remote Desktop Connection program will open. Enter the victims ip in the
Computer field and press connect.

There you go! You should now se the victims login screen... Login as
administrator with the new password you entered earlier..

And your in ! Now you can do what ever you want to.. But remember the victim
will automaticly be logged out when you login.. So be quick before he logs
you out again...

I have heard that when you exit the connection to the victim the victims
computer will reboot. I think that is is the case queit often.. I
disconnected alot and suddenly I couldn't reconnect..

I don't want to scare anybody but that's an idea of what the little scumbags can do if the exploit succeeds, so get em patched. I have removed the detail on how to do the exploit for obvious reasons and before anybody asks no I don't do any of this **** I think the assholes that do should be strung up by their balls.
Cheers

Red

Mark

How hard is it to go to Windows Update once a week and check for patches?

Ah irony, you DO have a sense of humour.

You see Dahamsta, I had to reinstall XP a few weeks ago because of some typical Microsoft problem that I don't understand and occurs for no apparent reason.

Now, joy upon joy, Windows thinks my XP is a warez version (which it's not) and won't LET me install any of the Windows Updates.

I figging agree with Zaphod.

MrPinK

Even if you can't keep XP up-to-date (it is hard on 56k alright), everyone should have a firewall to block out stuff like this

dahamsta

Dahamsta thanks for confirming that I am indeed a muppet

Anytime sweety.

no I don't check for updates on a weekly basis as I really shouldn't have to

No, you shouldn't, but such is life. If you run Windows, you have to patch patch patch, or you're going to get hacked. If you don't want to patch so often, run OpenBSD.

what I did was to say it has no useful purpose except to make those responsible feel a bit more important than the petty, usually pretentious little w@nkers they are

You think DDOS attacks only come from kidiots? Come into the real world my man!

Sorry hamsta but try and bear in mind that some of us just want to use our computers for the purposes for which we bought them without having to take time to accomodate the assholes who want to mess up our machines for no good reason

You think I don't?

As for the announcement, bear in mind that some of us feeble plebians don't visit http://marc.theaimsgroup.com weekly, or ever for that matter.

It was all over the news, I think I even saw it on the BBC website.

Fecksakes have some sympathy for us, we're simple

I see you have Auto-Update, open it up and take a screenie, let's have a look at the settings, see if we can fix it.

tman, the RPC update is about a meg in size, which isn't all that bad on a dialup. Set it up and have a cup of coffee.

In all seriousness folks, ranting about Windows is a waste of time and effort. In this particular case, your machines are insecure because of you and your choices. If you don't like Windows or you think you're unable to keep it updated, uninstall it and try something else. Before you do though, remember: you'll spend nearly as much time patching Red Hat or Mandrake...

Do the right thing, get some skillz.

adam

Ryo Hazuki

Jebus! The same thing is happening to me, on XP, switched over to my Win2K hard disk(using it right now) and have ha no problems.

I though it was a hardware issue, as i put in an 80mm fan last night.

Strange, im typing with the keyboard on the ground, and searching google for an answer, The lid off the PC and monitor on the chair.

I shoulda just checked here first.

So were were ALL being accessed?

Or at least trying to?

tman

Originally posted by dahamsta
tman, the RPC update is about a meg in size, which isn't all that bad on a dialup. Set it up and have a cup of coffee.

you mean the one that PiE posted a link to?
i got that, sorted everything out nicely.
i was talking about how much i'll have to d/l to get auto update up to date

Littletinyman

Why bother checking for Windows updates when pretentious geekboys like dahamsta are more than willing to fuel their own ego by telling us how stupid we are and how to fix the latest problems with our pathetic Windows installs?

Ryo Hazuki

Lol, quite true.

"skillz" was it?

spongebob

I didnt bother with the fix because I already had a firewall .

clansman

just got that error. DL the patch and worked fine, well a after a trys,, feckin pc kept restating while DLing!!!

MrPinK

Check your registry too. You may have had a key added

http://isc.sans.org/diary.html?date=2003-08-11

dahamsta

you mean the one that PiE posted a link to?

Yup.

i got that, sorted everything out nicely.

Kewl.

i was talking about how much i'll have to d/l to get auto update up to date

Well, you can leave all the ones that aren't automatically added to your, uh, basket anyway. If it's not added to your basket, it's not critical.

You can also leave the Service Packs and Cumulative Updates for a little while, because they're nearly always rollups of previous patches. In fact this is a good idea for relatively inexperienced users, as more often than not they have nasty inconsistencies that need to be corrected.

When I was on dialup and working with a clean install, I'd do the Service Packs first, then any remaining Critical Updates and then add the fudgies as I went along. Things like DX9 might stay in there for months.

adam /blows littletinyman a kiss

DriftingRain

Was about to be throwing m PC outta the window and cussing it all at the same time. Finally got the update and it fixed it immediately. THANK YOU MUNCH!!!!

DR.

dahamsta

RPC DCOM Worm On The Loose

"The first of I'm sure many RPC DCOM worms affecting Windows is on its way, according to the Internet Storm Center. Patch those systems!" According to the site, "The worm uses the RPC DCOM vulnerability [affects Win2k through Server 2003] to propagate. Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp."

irishgeo

firewalled here as well so unlikely to affect me. You gotta love zonealarm and its free as well.

Zaphod B

I've taken a look at the old Auto-Update now and asked for the critical updates, which for some reason were the ones it wasn't downloading even though I'd set it up to DL them before.

I've calmed down a bit now, sorry if my rant came across as personal Hamsta

PS when I said they were little, I didn't mean short or adolescent Whatever their age or technical expertise, I stand 100% behind my allegation that they are in fact w@nkers

ando

Originally posted by Redshift
this is an extract from a tutorial on how to run this

where did you get that from? is there a website for this kind of thing ??????? I'm a network admin and would like to see how these guys work