RPC Hell ...

[healtheworld]

Well experts,,
Thanks cnn for providing early alerts about the xp rpc flaw. I hv read the whole thread . Really impressed by response. I m working for Dell tech Support. Dell support lines are jammed becoz of issue. Nearly 85% of dell systems( Home and small business) are infected by this . Now we have received a lot of mails from dell experts . I just want to know from u guys which one of them is the best solution.

I KNOW DOWNLOADING THE LATEST PATCH, BUT WHICH ONE OF THEM IS BEST TO PREVENT ABNORMAL SHUTDOWN.


i hv gone thru these threads also

http://www.security-forums.com/forum...pic.php?t=7266

http://www.security-forums.com/forum...pic.php?t=7105


Some Fixes
========
1. <http://vil.mcafee.com/dispVirus.asp?virus_k=100499>
****
2.
****
Run Dcomcnfg.exe.

If you are running Windows XP or Windows Server 2003, perform these additional steps:

Under Console Root, click Component Services.
Open the Computers subfolder.
For a local computer, right-click My Computer, and then click Properties.
For a remote computer, right-click the Computers folder, point to New, and then click Computer. Type the computer name. Right-click the computer name, and then click Properties.
Click the Default Properties tab.
Click to select (or click to clear) the Enable Distributed COM on this Computer check box.
If you will be setting more properties for this computer, click the Apply button to enable (or to disable) DCOM. Otherwise, click OK to apply the changes.

3.
****
Try this goto safe mode disable all under startup and then also under services. Recheck Plug and play , RPC and RPC locater, and system restore services.

Then reboot to normal mode.
This is not a Virus it is a hacking attempt.
removing the cable for the cable modem and the phone line will help.

5.
*****
Disconnect the system from the internet.
Reboot the system
Enable the Internet Connection Firewall ( XPs inbuilt firewall-- Advanced settings in the properties of the LAN or the Dial up connection)

Reconnect to the internet
Then download the patch from http://microsoft.com/technet/treevie...n/MS03-026.asp

Apply the patch.

6
*****

http://securityresponse.symantec.com...ster.worm.html


7
*******

Boot in Safe Mode-->Go to Start>Control Pannel.
Click on the Switch to Classic veiw.
Goto Administrative tools
Go to Service.
Select the Remote Procedure Call and Double click on the service.
Go to Recovery.
Go to First Failure: Change it to take no action.
Click on Apply and ok.
Click on the network connections
right click on the LAN or the dial up Connection.
Click on the Properties.
Click on the check box which enables the XP-Firewall.
Click on Apply and Ok.
Reboot the system in the normal mode.

Then Guide the customer to download the patch from microsoft site.
http://microsoft.com/downloads/detai...displaylang=en

==============================================
Sometimes it gives an error rearding TFTP

*******************************************************
Any answer for tftp error
Some IMP Info

[usil]

Hi Healtheworld,
I have found that the following two things will do the job:
1. Download the Symantec removal tool to scan the computer.
2. Download the patch you mentioned in 5 to keep it out.

[Undertaker02]

And one more thing Install a good Firewall..

Currently using Visnetic from www.deerfield.com..

and while it is a pain.. Windows update is best to be enabled.. a lot of the machines I repaired today.. had it turned off

to improve the systems performance, and keep my information out of BG's pockets

Cheers

[kjanx]

and, after all of that, which i've already done on the wife's computer,
which does not fix everthing, get ready to reinstall windows.

that w32blaster worm is responsible for the problem.

but, getting rid of the worm, doesn't take care of all problems.

her computer refuses to let me install the ms patch, or to set the xp firewall.

the error that pops up, says the crytography files are not enabled.
yet, in disk management, thay are enabled, so the bug has destroyed that process, and a reinstall in in order for xp

[Tuttle]

Originally posted by kjanx
a reinstall in in order for xp

Any machine which gets rooted through a vulnerability like this really should be rebuilt from scratch. You have no way of knowing what else was done by your particular variant of the worm, or who else attacked your machine the same way.