General discussion

Locked

Process Termination

By d.jones092 ·
Hello.

I am having trouble on my XP machine at home. I am getting an RPC Process Termination error message intermittantly. It forces a reboot of my machine at least 2 times a day.

Any thoughts?

Dennis Jones

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by jschein In reply to Process Termination

You have a virus... More than likely blaster or a variant of it.

Download Stinger from www.nai.com (it will search your pc for this virus and numerous other high risk virii).

Save it somewhere you can find it. Reboot your system into safe mode, remove System recovery option, run stinger, enable system recovery option... Reboot, load XP normally, ensure you have the latest downloads for your anti-virus.

Collapse -

by jschein In reply to

Joseph below is correct, I always fail to mention the patches for the blaster and I apologise.

If you have more than one pc on your network, someone has the virus. If you have a fully open connection to the network without a firewall, you are going to be constantly attacked by people who unknowingly have the virus which is trying to get into your system.

Mind you, even up to date Anti-virus programs have not caught this or some other virii. That was why my suggestion to run stinger came about. Some people have fully up-to-date Anti-Virus, but they do not have that program properly configured.

As suggested, get a firewall program, such as black ice - I believe it is 50.00 usd. It is a great program to monitor all of your ports and deny local traffic in or out depending on what kind of activity you see. If you have your own firewall / router, you can block wan traffic ports 135 and 139 to stop that worm from hitting your system from the outside.

Collapse -

by d.jones092 In reply to

Poster rated this answer.

Collapse -

by d.jones092 In reply to Process Termination

I'm running AVG anti-virus on the machine, and it was freshly loaded in the past 2 weeks.

Collapse -

by Joseph Moore In reply to Process Termination

Actually, you are not infected with Blaster (or a Blaster variant like Welchia), but you are NOT patched for the DCOM/RPC vulnerability it exploits. Nor are you running a firewall to block it.
What is happening is someone out there on the Internet who IS infected with Blaster is scanning your computer. Blaster on their machine sends the RPC exploit, which on your unpatched machine is triggered, but not FULLY successfully. The RPC exploit that Blaster uses does not always work successfully. Sometimes, it only partially works; the partial success means that on the target machine (yours), you get the RPC errors. But, the full exploit does NOT occur, so the Blaster EXE file is NOT copied over to your machine. When the exploit only partially works, you don't get infected with Blaster.
This has confused a lot of people over the past 6 months. They continue to get the RPC errors when they go on the Internet, but their anti-virus scans show up nothing. So, you aren't alone.
The Blaster worm did not always infect targets. It would 1) execute the RPC vulnerability in a sloppy method, then 2) IF the exploit worked properly THEN it would copy itself to the target, infect it, and continue to replicate itself.
A lot of machines stopped at step 1. Like yours.
So, get the patch. Go here for info:
http://www.microsoft.com/security/incident/blast.asp
(please remove any spaces)

Collapse -

by d.jones092 In reply to

Poster rated this answer.

Collapse -

by d.jones092 In reply to Process Termination

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums