Mobile menu

Pages in topic:   [1 2 3] >
Virus alert! (msblast.exe): 'Remote Procedure Call terminated unexpectedly' / TFTP
Thread poster: farolingo

farolingo
Local time: 13:30
German to English
+ ...
Aug 11, 2003

Watch out Windows XP users. When I connected to the Internet this evening, within 30 secs I got a message saying 'Remote Procedure Call terminated unexpectedly...computer will shut down in 1 minute'(!)

This happened 3 times (and only after going online). Each time, though, I managed to get some hits on Google about the problem before the computer went beserk and shut down.

On one site, it mentioned firewalls, so before trying to connect this time, I checked my Internet connection settings and realized to my horror that my Internet connection firewall wasn't enabled in the dial-up dialog box. Now I've checked the box, voilà, no probs, fingers well and truly crossed!

The link below has a very recent thread going, so it looks like the problem's only just starting, so be careful and check your security settings!

www.computing.net/hardware/wwwboard/forum/15396.html


Direct link Reply with quote
 

Uldis Liepkalns  Identity Verified
Latvia
Local time: 15:30
Member (2003)
English to Latvian
+ ...
XP firewall Aug 11, 2003

Daniel Jeory wrote:

Watch out Windows XP users. When I connected to the Internet this evening, within 30 secs I got a message saying 'Remote Procedure Call terminated unexpectedly...computer will shut down in 1 minute'(!)

This happened 3 times (and only after going online). Each time, though, I managed to get some hits on Google about the problem before the computer went beserk and shut down.

On one site, it mentioned firewalls, so before trying to connect this time, I checked my Internet connection settings and realized to my horror that my Internet connection firewall wasn't enabled in the dial-up dialog box. Now I've checked the box, voilà, no probs, fingers well and truly crossed!

The link below has a very recent thread going, so it looks like the problem's only just starting, so be careful and check your security settings!

www.computing.net/hardware/wwwboard/forum/15396.html


Yeah, my firewall is enabled all the time, little relieve it gives, though, taking into cosideration the Microsoft confession we lately had to translate, that XP firewall doesn't do anything at all...

http://support.microsoft.com/default.aspx?scid=kb;en-us;306203

I found this description on MS search just now, I do not have the original article in my home computer, but there were VERY serious problems... to put it mildly.

Uldis


Direct link Reply with quote
 
Susana Galilea  Identity Verified
United States
Local time: 07:30
English to Spanish
+ ...
I received this message from my ISP provider Aug 11, 2003

Security bulletin:

Microsoft Windows RPC Interface Buffer Overrun Vulnerability.

Systems Affected: Non patched systems running Windows 2000, Windows NT, Windows XP

A buffer overrun vulnerability is being exploited on Windows machines running the Windows 2000, NT, and XP operating systems that have not been patched against this vulnerability. Users who do not routinely perform Windows System Updates or Critical Updates which include Service Packs and Patches may be affected.

***The most common complaint we have received through the exploitation of port 135 by most users is where systems have rebooted for no apparent reason while users were online. Please be advised that in some cases this could result in the execution of malicious instructions which could disable systems.***

xxx is recommending affected users take immediate action.

You can find the Windows Update Site here:

http://www.windowsupdate.com

It is recommended that all Service Packs and Critical Updates be applied.

You can find out more information as posted by Symantec here:

http://securityresponse.symantec.com/avcenter/security/Content/8205.html


Direct link Reply with quote
 

Florence B  Identity Verified
France
Member (2002)
English to French
+ ...
This is a virus : msblast.exe Aug 12, 2003

I just had this too one hour ago, crashing the computer (I see now that I can say "fortunately" here) - but suddenly when my Panda started to update itself it detected this.
I searched with my other computer and removed it with that process
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40369

I cross my fingers but it seems to be removed here. Be careful you all I had a hard time removing it and it seems to spread as fast as the lightning.
Florence


Direct link Reply with quote
 

Laura Gentili  Identity Verified
Italy
Local time: 14:30
Member (2003)
English to Italian
+ ...
For Daniel Aug 12, 2003

Hi Daniel,
Thank you so much for your suggestion!
This problem was driving me crazy last night, then a friend read your post to me. I did what you suggested and here I am, online again!
Laura


Direct link Reply with quote
 
Daniel Garance
Belgium
Local time: 14:30
English to French
+ ...
A good firewall that's free Aug 12, 2003

I recommend ZoneAlarm (www.zonelabs.com). Lean, safe and free for "personal" use. The "pro" version doesn't offer any further useful features.
Of course, no computer is ever secure, and it is important to be on the lookout for any unusual behavior.


Direct link Reply with quote
 

farolingo
Local time: 13:30
German to English
+ ...
TOPIC STARTER
Don't forget the patch! Aug 12, 2003

Laura Gentili wrote:

Hi Daniel,
Thank you so much for your suggestion!
This problem was driving me crazy last night, then a friend read your post to me. I did what you suggested and here I am, online again!
Laura


Hi Laura,
Don't forget to install the patch...clink on this link

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

You have to choose the patch for your system, probably Windows XP 32bit.

Also, make sure you get rid of the msblast.exe worm by following the link in Oddie's message...very useful! Thanks a ton!

Good luck!

[Edited at 2003-08-12 12:53]


Direct link Reply with quote
 
Zhoudan  Identity Verified
Local time: 20:30
Member (2007)
English to Chinese
+ ...
I had this, too. Aug 12, 2003

Thank you all. I had the same problem an hour ago. Your posting saved me a lot of frustrations. I immediately downloaded the ZoneAlarm firewall and started to run the virus removal tool. But oddly enough, the removal program does not find the worm in my system, though I saw it in my Norton virus history record that a blaster was found and isolated (I Liveupdated my Norton only four hours ago!). Is it possible that the removal tool failed to detect the worm because it had already been isolated or deleted, considering I had Liveupdated the Norton Anti-Virus? Hope I have made myself clear. Any input would be appreciated.

Direct link Reply with quote
 

Henry Dotterer
Local time: 08:30
SITE FOUNDER
Important: install the patch whether you have gotten this virus or not Aug 12, 2003

More info on the Blaster virus:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Note to all Windows users: whether you have gotten this virus or not, it is very important that you run a Microsoft program to patch the vulnerability this virus exploits. It is likely that future viruses will exploit this vulnerability, which does not involve email attachments.

The patch installation program is here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp


Direct link Reply with quote
 

Bob Kerns  Identity Verified
Germany
Local time: 14:30
Member (2002)
German to English
Install the patch first and then get rid of the virus Aug 12, 2003

Speaking from personal experience today:

As long as the Microsoft patch has not been installed this virus can continue to enter your computer.

So the best thing to do is to install the patch first (links already provided in previous posts above) and only then download and run the Symantec solution to get rid of the virus.

This has caused me headaches today but my system seems to be clean now.

I'll keep my fingers crossed for you all (and for my system too)


Direct link Reply with quote
 

farolingo
Local time: 13:30
German to English
+ ...
TOPIC STARTER
Now I can't open pdf files Aug 12, 2003

OK, I've rid my computer of the virus (as far as I can tell), but now I've just found out I can't open any pdf attachments in Outlook Express.

When I double click on the message, it tells me 'OE has removed access to the following unsafe items...'.

Is it possible this is a result of the virus? Does anyone have any ideas how I can solve this mystery?!

Thanks!


Direct link Reply with quote
 

Silvina Beatriz Codina  Identity Verified
Argentina
Local time: 09:30
Member (2002)
English to Spanish
+ ...
Spent the entire morning dealing with it :( Aug 12, 2003

I found I had W32 Blaster this morning when Zone Alarm informed me that a program called msblast was trying to access the Internet. Since I'd never heard of it, I clicked on "more info" and I found that it was a very bad virus that had wormed its way into my computer. Norton Antivirus had not detected it; I run LiveUpdate and then it found it.

Norton could not quarantine or delete the virus. By clicking on the name of the virus in Norton's warning box I accessed a Symantec page, from which I could download a tool to delete the virus from my system. I was also recommended to download the protection patch. I ran Windows Update and the patch was downloaded together with others.

Now I've got here and I find everybody is dealing with W32 Blaster! Wow. Well, at least I'm not the only one. Misery likes company and all that. My recommendation would be, if you don't have Zone Alarm, then get it; it was thanx to it that I found the villain before more damage was done.


Direct link Reply with quote
 

Per Riise  Identity Verified
Norway
Local time: 14:30
Member (2003)
English to Norwegian
+ ...
PDF'files won't download/open Aug 12, 2003

Daniel Jeory wrote:

OK, I\'ve rid my computer of the virus (as far as I can tell), but now I\'ve just found out I can\'t open any pdf attachments in Outlook Express.

When I double click on the message, it tells me \'OE has removed access to the following unsafe items...\'.

Is it possible this is a result of the virus? Does anyone have any ideas how I can solve this mystery?!

Thanks!


I\'m no computer wizard, but it might be because your firewall doesn\'t \"let\" pdf-files through.


Direct link Reply with quote
 

Laura Gentili  Identity Verified
Italy
Local time: 14:30
Member (2003)
English to Italian
+ ...
Zipped Files Attachments Aug 12, 2003

I have enabled the Firewall, installed the patch, removed the worm (thank you all!) but now my OE removes zipped files attached to my e-mail messages as "not secure".

Direct link Reply with quote
 
Marie Lowrie
United Kingdom
Local time: 13:30
German to English
Thanks so much for the info! Aug 12, 2003

I had exactly the same problem. The same message appeared every time I logged on to the net. I had no idea what was causing it and was considering re-booting my system which would have been an absolute nightmare. Thanks so much for this information!

Direct link Reply with quote
 
Pages in topic:   [1 2 3] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Virus alert! (msblast.exe): 'Remote Procedure Call terminated unexpectedly' / TFTP

Advanced search






CafeTran Espresso
You've never met a CAT tool this clever!

Translate faster & easier, using a sophisticated CAT tool built by a translator / developer. Accept jobs from clients who use SDL Trados, MemoQ, Wordfast & major CAT tools. Download and start using CafeTran Espresso -- for free

More info »
SDL MultiTerm 2017
Guarantee a unified, consistent and high-quality translation with terminology software by the industry leaders.

SDL MultiTerm 2017 allows translators to create one central location to store and manage multilingual terminology, and with SDL MultiTerm Extract 2017 you can automatically create term lists from your existing documentation to save time.

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs