Question????????????????????????????????
05 November 2003, 07:16 PM
#1
Scooby Regular
Thread Starter
Join Date: Aug 2003
Posts: 228
Likes: 0
Received 0 Likes
on
0 Posts
I just rebooted my pc to the factory setting and now the thing shuts down all the time,
NT AUTHORITY\SYSTEM causes a remote procedure call service termination unexpectedly,
how can I solve this problem,
Cheers Mike.
ps I'm a bit thick with computers!
NT AUTHORITY\SYSTEM causes a remote procedure call service termination unexpectedly,
how can I solve this problem,
Cheers Mike.
ps I'm a bit thick with computers!
05 November 2003, 08:12 PM
#2
Scooby Regular
Join Date: May 2003
Posts: 1,165
Likes: 0
Received 0 Likes
on
0 Posts
Symptoms:
you get a windows message that says
System Shutdown:
This System is Shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by the NT AUTHORITY\SYSTEM
TIME BEFORE SHUTDOWN 00:00:60
Message:
Windows must now be restarted because the Remote Procedure Call (RPC) service. terminated unexpectedly
Technical Details
The Remote Procedure Call (RPC) protocol on the Windows operating systems provides a mechanism for a program running on one machine to execute code on another machine. Windows uses the Distributed Component Object Model (DCOM) to help manage communications of Windows components over a network, typically (but not always) the TCP/IP networks used in most environments. The DCOM interface to RPC accepts network connections on TCP port 135, and fails to validate message inputs during the instantiation of DCOM objects. By sending an appropriately malformed RPC message, an attacker can cause a vulnerable machine to execute arbitrary code within the security context of the RPC service, typically the SYSTEM context [1,2].
The researchers who discovered the vulnerability were able to create proof of concept exploits for Windows 2000/XP (running SP4 and SP1 respectively). They were also able to bypass the buffer overflow protections included as part of Windows 2003, and gain SYSTEM privileges there as well.
The vulnerable components of the Windows operating system are installed by default on all versions of Windows, and cannot be disabled without crippling a number of core Windows components.
references:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
http://lsd-pl.net/special.html
http://www.cnn.com/2003/TECH/internet/08/11/internet.attack.ap/index.html
finding and identifying the problem:
Go and get the patch from here, choose the right version for your system. If
you don't know whether your system is "32 bit" or "64 bit" then its 32 bit.
http://support.microsoft.com/?kbid=823980
Next check your system for unusual processes that may be running. In
particular watch out for:
(NOTE, THIS LIST IS NOT EXCLUSIVE, KEEP AN EYE OUT FOR ANY UNUSUAL ACTIVITY)
MSBlast.exe
rpc.exe
rpctest.exe
dcomx.exe
lolx.exe
worm.exe
Scan with an up-to-date virus scanner to help with removal of nasties that
might be left on your system.
Next, visit http://windowsupdate.microsoft.com and grab hold of all
critical updates. Yes, all of them. Try to make a habit of doing this on a
regular basis. note tht critical updates are mentioned. not the standard updates. critical updates usually fix exploits to your computer that can cause problems by hackers or viruses.
you get a windows message that says
System Shutdown:
This System is Shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by the NT AUTHORITY\SYSTEM
TIME BEFORE SHUTDOWN 00:00:60
Message:
Windows must now be restarted because the Remote Procedure Call (RPC) service. terminated unexpectedly
Technical Details
The Remote Procedure Call (RPC) protocol on the Windows operating systems provides a mechanism for a program running on one machine to execute code on another machine. Windows uses the Distributed Component Object Model (DCOM) to help manage communications of Windows components over a network, typically (but not always) the TCP/IP networks used in most environments. The DCOM interface to RPC accepts network connections on TCP port 135, and fails to validate message inputs during the instantiation of DCOM objects. By sending an appropriately malformed RPC message, an attacker can cause a vulnerable machine to execute arbitrary code within the security context of the RPC service, typically the SYSTEM context [1,2].
The researchers who discovered the vulnerability were able to create proof of concept exploits for Windows 2000/XP (running SP4 and SP1 respectively). They were also able to bypass the buffer overflow protections included as part of Windows 2003, and gain SYSTEM privileges there as well.
The vulnerable components of the Windows operating system are installed by default on all versions of Windows, and cannot be disabled without crippling a number of core Windows components.
references:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
http://lsd-pl.net/special.html
http://www.cnn.com/2003/TECH/internet/08/11/internet.attack.ap/index.html
finding and identifying the problem:
Go and get the patch from here, choose the right version for your system. If
you don't know whether your system is "32 bit" or "64 bit" then its 32 bit.
http://support.microsoft.com/?kbid=823980
Next check your system for unusual processes that may be running. In
particular watch out for:
(NOTE, THIS LIST IS NOT EXCLUSIVE, KEEP AN EYE OUT FOR ANY UNUSUAL ACTIVITY)
MSBlast.exe
rpc.exe
rpctest.exe
dcomx.exe
lolx.exe
worm.exe
Scan with an up-to-date virus scanner to help with removal of nasties that
might be left on your system.
Next, visit http://windowsupdate.microsoft.com and grab hold of all
critical updates. Yes, all of them. Try to make a habit of doing this on a
regular basis. note tht critical updates are mentioned. not the standard updates. critical updates usually fix exploits to your computer that can cause problems by hackers or viruses.
Thread
Thread Starter
Forum
Replies
Last Post
Brzoza
Engine Management and ECU Remapping
1
02 October 2015 05:26 PM