Virus?

[monty]

Hi guys,

It seems like I have a virus making trouble on my PC, only problem is all virusscanners come up clean. They have the latest virusupdates but still nothing! CWSHREDDER doesn't find anything as well...

Symptons are: When I connect to the internet (through network/shared connection) about 60 seconds later Windows tells me the RPC sercice has failed and my PC will restart. It then starts to countdown and restarts my PC.

I tried to remedy this by telling WinXP not to restart my PC but restart the RPC sevice instead(in control panel,admin. tools, services).

Now when winXP wants to restart the RPC, RPC will call on an svchost.exe which will then eat 99% of my processor speed... If I close this svchost with taskmanager, I can't open any webpages in a new window (neither by clicking on a link or right clicking) and I can't open the seach window from the start menu anymore...

Anybody any idea (Francois maybe???)

Monty

[MadFrankie]

theres a patch on the microsoft support website that will resolve it. Just do a search for Remote procedure call shutdown..

laters

[diaw]

This is an irritating problem... If the MS$ patch does not do the trick for you, then you may have to re-install the Winblow$ OS...

[monty]

Yep,

it looks like the rpc/dcom exploit, but i have patched for that vulnerability months ago...

If it's a virus it looks like it's unknown, right now I bet on some strange quirk of MS$...

I have all my data backed up but reinstalling WinXP will be a hassle since I have some 80 programs on it.... That's 80 reinstalls

I'll have to do it since I don't find any solution

[ajahnlau]

In todays BKK Post there's and article in the IT section [help desk]. Looks similar to your problem. A couple links given to fix the virus.

[Guest Lazarus]

Get all the latex patches from micro$oft that will fix it.

If not.. format.

Good luck

[francois]

hi'

my 2B in here

do you run outlook or outlook express?

did you try an online antivirus?

looks like an early version of bagle@mm ...

and sometime ..sorry the Ms patch does not make the "trick" .

if the threat is not coming from this one for sure, you can download the netsky@mm desinfection tool.

try 2 things ...

download the desinfection tool from symantec web-site.

de-activate the system restore of XP.

run the tool or the tools one after the other.

surely will find something, clean, restart.

and if you use it re-activate the sytem restore.

I say to do it this way, because most of user aren't familiar with the registry and might cause more damage than good things

and then .. make a backup

francois

[monty]

Hi guys,

Thanx for the reply's...

I tried pretty much anything before I gave up, just wanted to know where the problem came from...

Did online virusscan (both Mcafee's and Trendmicro's)

Scanned with spybot, adaware and cwshredder (latest updates)

Tried most of the virusspecific scanners (stinger, netsky@mm,...)

All came up empty.

In the end I guess my windows XP got corrupted somehow, since everything got solved by reinstalling WinXP (using the install cd and choosing upgrade)

This way I didn't have to reinstall anything except for the driver of my Geforce videocard...

All is running smooth again now!

Monty

[francois]

hi'

sorry

I should have looked at my small database ...

well, sometime, some devices refuse to start ...

and give trouble to the boot or to the functions of the kernel ...

the most common one is the printer.

unplug it, start and in safe mode check that no residual printing job are in stock ...

if so, delete them , and restart without the printer on, and once started, plug the printer.

(assuming that it's an USB one)

some other device, like the modem can create such situation ...

this is what might have happened to you ...

but the reinstall was a good move, since you don't need to reinstall everything, just check that all windows update are not gone ...

francois

[monty]

Good tip on reinstalling the Win patches Francois, they did indeed disappear!!! I probably would have been blasted by some blaster look alike pretty soon!!!!

[francois]

hi'

you are welcome monty

anytime, if can help ..

TO CONSIDER : think about to make a backup of the partition C:\

use drive Image version7, either you have a cd-write or not, you can perform a nice backup in less than 30mn

if on cd-rw easy ! just give a name with date to the backup.

if on the hdd, make a new folder first in a partition where you have a lot of space.

useless to say :not the C:\ ...

choose a high compression .. comes in about 50% compression.

once a real probelm appears ... restore the backup, just update drivers or antivirus database, some program's update ... and there you are

cheers

francois

[singer]

In future dont open any emails that are say 30 -40 k . most simple none virus mails are about 2 to 3. Just about all 20 + mails are viruses.

If you can get Nortons virus protection because it is excellent.

Change your e mail client to yahoo because it has a virus scan on

all emails and wont allow you to download one.

Dont open ANY mail attachements that have .exe at the end . Its an executable file with an implanted virus.

[bkk_mike]

There is a free antivirus program from Grisoft (www.grisoft.com) - AVG Free Edition.

It's single PC use only, but does issue updates, and the price is right.