ScoobyNet.com - Subaru Enthusiast Forum

ScoobyNet.com - Subaru Enthusiast Forum (https://www.scoobynet.com/)
-   Computer & Technology Related (https://www.scoobynet.com/computer-and-technology-related-34/)
-   -   Question???????????????????????????????? (https://www.scoobynet.com/computer-and-technology-related-34/268294-question.html)

taffyterzo 05 November 2003 07:16 PM
I just rebooted my pc to the factory setting and now the thing shuts down all the time,
NT AUTHORITY\SYSTEM causes a remote procedure call service termination unexpectedly,
how can I solve this problem,
Cheers Mike.
ps I'm a bit thick with computers!

Nicks VR4 05 November 2003 08:12 PM
Symptoms:

you get a windows message that says

System Shutdown:
This System is Shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by the NT AUTHORITY\SYSTEM

TIME BEFORE SHUTDOWN 00:00:60

Message:
Windows must now be restarted because the Remote Procedure Call (RPC) service. terminated unexpectedly

Technical Details
The Remote Procedure Call (RPC) protocol on the Windows operating systems provides a mechanism for a program running on one machine to execute code on another machine. Windows uses the Distributed Component Object Model (DCOM) to help manage communications of Windows components over a network, typically (but not always) the TCP/IP networks used in most environments. The DCOM interface to RPC accepts network connections on TCP port 135, and fails to validate message inputs during the instantiation of DCOM objects. By sending an appropriately malformed RPC message, an attacker can cause a vulnerable machine to execute arbitrary code within the security context of the RPC service, typically the SYSTEM context [1,2].

The researchers who discovered the vulnerability were able to create proof of concept exploits for Windows 2000/XP (running SP4 and SP1 respectively). They were also able to bypass the buffer overflow protections included as part of Windows 2003, and gain SYSTEM privileges there as well.

The vulnerable components of the Windows operating system are installed by default on all versions of Windows, and cannot be disabled without crippling a number of core Windows components.


references:

http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

http://lsd-pl.net/special.html

http://www.cnn.com/2003/TECH/internet/08/11/internet.attack.ap/index.html


finding and identifying the problem:

Go and get the patch from here, choose the right version for your system. If
you don't know whether your system is "32 bit" or "64 bit" then its 32 bit.
http://support.microsoft.com/?kbid=823980

Next check your system for unusual processes that may be running. In
particular watch out for:
(NOTE, THIS LIST IS NOT EXCLUSIVE, KEEP AN EYE OUT FOR ANY UNUSUAL ACTIVITY)
MSBlast.exe
rpc.exe
rpctest.exe
dcomx.exe
lolx.exe
worm.exe

Scan with an up-to-date virus scanner to help with removal of nasties that
might be left on your system.
Next, visit http://windowsupdate.microsoft.com and grab hold of all
critical updates. Yes, all of them. Try to make a habit of doing this on a
regular basis. note tht critical updates are mentioned. not the standard updates. critical updates usually fix exploits to your computer that can cause problems by hackers or viruses.


All times are GMT +1. The time now is 02:13 PM.


© 2024 MH Sub I, LLC dba Internet Brands