View Full Version : Bb Help!


shadow_warez
August 11th, 2003, 01:52 AM
i need your help, this keeps coming up, any idea how to stop it?

http://www.angelfire.com/super2/shadowsigs/images/wtf.JPG

SupaStar
August 11th, 2003, 04:16 AM
In the command line type: shutdown.exe /a

then confirm it by pressing y and then ENTER

NB - Make sure you do it from the directory that shutdown.exe is in. Try also to work out what application is calling shutdown.exe.

shadow_warez
August 11th, 2003, 04:28 AM
it was a service, remote call procedure, funny thing is i can't disable or shut it down, so i found a workaround: the recovery options i chose when it fails, instead of restarting, i chose do nothing for all the options, and it hasn't complained, odd, this is a new installation as of 3 hours ago,

Big Booger
August 11th, 2003, 04:44 AM
Have you run the updates to this machine? Service packs?

Seems like someone could be taking advantage of your machine if you haven't:

http://www.kb.cert.org/vuls/id/261537


Especially if you are running some kind of server either file or web.

shadow_warez
August 11th, 2003, 06:16 AM
well my servers aren't up and i've slipstreamed the latest service pack into my cd,

Big Booger
August 11th, 2003, 21:49 PM
http://www.techzonez.com/forums/showthread.php?threadid=5017

Reverend
August 11th, 2003, 21:51 PM
use Boog's tip, and also read this thread and follow the links posted by Me & FG.

http://www.techzonez.com/forums/showthread.php?s=&threadid=6374

shadow_warez
August 11th, 2003, 22:04 PM
all my services are screwed, they're showing up blank, i think it's time to format,

shadow_warez
August 11th, 2003, 22:13 PM
me, gimmie, and a friend of mine are all getting the same RPC Server error.

Big Booger
August 11th, 2003, 22:25 PM
USE MY TIP.

If every time you restart your PC you are getting the remote Procedure Call problem and it restarts your PC automatically,
MAKE SURE TO UNPLUG YOUR NIC FIRST!!!!

Just pull the ethernet cable out, restart, run my tip, then plug it back in and your problem is solved.

shadow_warez
August 11th, 2003, 22:42 PM
i'm not sure why or how this is happening, that was the first thing i tried, i'll show ya what i'm getting since i tried to restart the service,

Big Booger
August 11th, 2003, 22:45 PM
If that tip does not work, try this one:
when message appears, telling you system will shutdown, run "shutdown.exe -a", and it won't reboot.

Let me know if that works.

u can use dameware nt utilities to uninstall the rpc service in its service view if u would like or to completely disable it.. DWNTU can be found at

DameWare NT Utilities (http://www.dameware.com/download/default.asp#dntu)

once installed run dameware... type in ur ip or the name of ur computer eg (homecomp) or whatever.. ur computer will be displayed below.. look for the services section of the menu.. open the expanding menu.. then double click on "services view".. this will list all services running and not running on ur system... search through for the rpc server, once found right click on it and in the menu choose "remove service..." this will remove it from ur system and ur problem is fixed...

That should also help. Just remove the service.

shadow_warez
August 11th, 2003, 23:15 PM
i can't move files from folder to folder or partition to partition if it's disabled,

Big Booger
August 11th, 2003, 23:24 PM
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

Did you try that update above?

Something else to try below:

it's actually very easy to fix even if you are already affected by it on your pc. all you have to do is start your pc with your network cable unplugged. go into msconfig and take msblast.exe out of the start up. then open task manager and end the process of msblast.exe. go to your windows/system32 folder and delete msblast.exe. run the patch and you're done


Another update and info page below:
http://support.microsoft.com/default.aspx?scid=kb;en-us;823980



I believe Reverend posted articles on those two knowledge base articles above.


well,
Then I'd say you're in for a reformat if none of that above works. Go get a 6 pack of buzz beer, and order a pizza.
:D

What do you mean you can't move files from folder to folder or partition to partition?

Big Booger
August 11th, 2003, 23:26 PM
This says it all:

To exploit this vulnerability, the attacker must be able to send a specially crafted request to port 135, port 139, port 445, or any other specifically configured RPC port on the remote computer. For intranet environments, these ports are typically accessible, but for Internet-connected computers, these ports are typically blocked by a firewall. If these ports are not blocked, or in an intranet environment, the attacker does not have to have any additional privileges.

Best practice recommendations include blocking all TCP/IP ports that are not actually being used. By default, most firewalls, including the Windows Internet Connection Firewall (ICF), block those ports. For this reason, most computers that are attached to the Internet should have RPC over TCP or UDP blocked. RPC over UDP or TCP is not intended to be used in hostile environments, such as the Internet. More robust protocols, such as RPC over HTTP, are provided for hostile environments.

Stripe
August 12th, 2003, 14:37 PM
Shadow....you've actually gotten the Blaster worm...

Here's the thread for the removal and stuff:
http://techzonez.com/forums/showthread.php?s=&threadid=6381

Don't worry, I got it too :D

FastGame
August 12th, 2003, 19:52 PM
Man I'm amazed at how many of ya don't keep your windows updated, also thought all TZers had super anti-virus, firewalls and trojan/spybot removers...

Bunch of people in Michigan that I know got this thing also, been spending most of the day fixing it for them :( so even though I've been immune it's still caused me grief :mad:

Stripe
August 12th, 2003, 20:14 PM
Man I'm amazed at how many of ya don't keep your windows updated, also thought all TZers had super anti-virus, firewalls and trojan/spybot removers

Hey! The one time I plug my pc into my modem without a hardware firewall and I get plugged with this d*mn virus.

I felt like a night out with a prostitute without protection ;)

Reverend
August 12th, 2003, 20:15 PM
Originally posted by FastGame
Man I'm amazed at how many of ya don't keep your windows updated, also thought all TZers had super anti-virus, firewalls and trojan/spybot removers...
Hey FG, i gave everyone plenty of warning. I posted this on the front page (http://www.techzonez.com/comments.php?catid=1&id=3914) and the forums (http://www.techzonez.com/forums/showthread.php?s=&threadid=6019) back on the 17th July.

FastGame
August 12th, 2003, 20:28 PM
Originally posted by Reverend
Hey FG, i gave everyone plenty of warning. I posted this on the front page (http://www.techzonez.com/comments.php?catid=1&id=3914) and the forums (http://www.techzonez.com/forums/showthread.php?s=&threadid=6019) back on the 17th July.
Maybe that's why I didn't get it...hehe

phishhead
August 12th, 2003, 20:37 PM
well once you guys get your systems cleaned here (http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en) is the patch so you don't get it again.

Big Booger
August 12th, 2003, 22:40 PM
great little tool.
:D