New Dell computers. boh of them are shutting down like every 5 minutes. says RPC terminated something about NT Authority
wont even stay on for 5 minutes before it shuts down again.
Dell support lets say is less than helpful on answering there phones. PC's are only 3 days old. Anything.

i just got this message like 2 min ago on my home pc running xp home edition. had liek a 20 second cound down then it just restarted itself. anything? jiMMy

How about a screen shot with the error message? Are these networked, stand alone ????

:confused:

either of you have a FULL error message? If there's a series of numbers that would help.

As above, full error message, and tell us if they're connected to the internet........

didnt get a chance too, i didnt see it till there was 5 seconds left. but i did just have this pop up.

im on a stand alone at my home.

this screen shot is of this message and it stays above all aplications. jiMMy

That is the exact same one we got right there. cant do anything and my boss is gettin pissed. cant stay on for 5 minutes.

in the details it has something to do with svchost.exe

app 5.1.2600

There is a program called shutdown...

its on almost every 2000 and I think XP machine. If a virus was made to use it, it would do just that... shut down your computer after a set time, and it would give a countdown.

Just a possibility

Y'all do any Windows updates lately?

other error the shut down one!

they are brand new computers just got it 2 days ago. PC wont stay on long enough to get one either.

Have you installed hardware or updated drivers?

From: http://www.bootdisk.com/bootlist/090.htm

Curt wrote - I recently installed some new hardware / software such as a printer and scanner. I now am getting a "Generic Host process for Win32 Services has encountered a problem and needs to close" error when I do almost anything. Any suggestions? I am not good with this type of issue!

purplehaz03 suggests:
Put the xp cd in the cd drive. Goto: start, run, type in: sfc /scannow (space between c and /), hit enter. XP will find and replace system files [that may have been overwritten by your new driver installs].

i havent done anything in like 6 months to my pc. how do i fix this? jiMMy

We are connected threw a router and to a covad DSl box. always on. Have Norton Pro on each PC, cant even get threw a virus scan to check for those. Mine isnt doing it with Win ME. just the new ones. we even have an older one in the office with XP that is fine. ????? phone here says we have been on hold with Dell for an hour.

Originally posted by The Jerk
other error the shut down one!

That is the exact program I was referring to

Only an administrator can run it on a network.

You either have someone using it, oir a virus created to utilize it

so what do i do, im at home on my personel pc, on dial up. i dont open any spam emails so i dunno where it came from. jiMMy

Originally posted by The Jerk
so what do i do, im at home on my personel pc, on dial up. i dont open any spam emails so i dunno where it came from. jiMMy

I dont remember what we did at the school, try searching for "shutdown" and delete "shutdown.exe" if you find it. If it has been renamed, you may have to wait until someone smarter comes up with a fix

This is wierd, cuz my computer just did the same thing, same error codes and everything. Started the countdown and restarted. Then did it again. Both times it started after I had started AIM. Then I downloaded an update for AIM and it hasn't done it again.

By the way, my computer's also a dell running XP Home.

Originally posted by animator
This is wierd, cuz my computer just did the same thing, same error codes and everything. Started the countdown and restarted. Then did it again. Both times it started after I had started AIM. Then I downloaded an update for AIM and it hasn't done it again.

By the way, my computer's also a dell running XP Home.

Sounds like A virus to me... I could br wrong, but I know thats the program. And that message at the bottom means nothing, it can be made to say anything by the user/program executing the file

Originally posted by LordRatner


Sounds like A virus to me... I could br wrong, but I know thats the program. And that message at the bottom means nothing, it can be made to say anything by the user/program executing the file

Looking fishy to me also. Too strange that it happened to 2 people at the same time

Ya mean like this?


http://www.wanadoo.com.lb/virus/default.asp?language=2&virus=95



course it may not be that either.

Microsoft Knowlege Base Article:

Automatic Reboot Issues (http://www.microsoft.com/windowsxp/expertzone/columns/russel/02may13.asp)

That will let you get to the NEXT STEP and tell us what has caused this problem.

Since two of you just started having problems... new virus?

Tom :usa:

That would be it. Like I said, the message is fake.

Hmmmmm.... I found this in Google but I can't get to the page to view it.

I don't have time to research any more for you guys today but this looks promising.

Type:

"windows exploit for ms03-026" (Include Quotation marks)

into Google and you'll get lots of hits.

Originally posted by Schly
I don't have time to research any more for you guys today but this looks promising.

Type:

"windows exploit for ms03-026" (Include Quotation marks)

into Google and you'll get lots of hits.

hmm. Only got two links, and both were forbidden. :confused:


edit: removed the quotations, and got better links...

....also go under administrator tools and look for the event viewer. This is the first place to check when you start having problems. look at the events and see what could be triggering the RPC shutdown.
Also this might be a good time to go in and disable the guest account and rename the administrators account. (right click on my computer and click manage, you will see local users and groups). This is a good start for you guys. Hope it helps.


Eric

....also go under administrator tools and look for the event viewer. This is the first place to check when you start having problems. look at the events and see what could be triggering the RPC shutdown.
Also this might be a good time to go in and disable the guest account and rename the administrators account. (right click on my computer and click manage, you will see local users and groups). This is a good start for you guys. Hope it helps.


Eric

Go here for Win2k and download the patch:
http://www.microsoft.com/downloads/details.aspx?FamilyID=c8b8a846-f541-4c15-8c9f-220354449117&displaylang=en

or her for XP:
http://www.microsoft.com/downloads/details.aspx?FamilyID=2354406c-c5b6-44ac-9532-3de40f69c074&displaylang=en

I hope this helps...

We are unplugging so not to corrupt anymore, getting word of a possible cable dsl. virus spreading fast. Later.

Click here and follow the directions. It just happened to me. but I saw the post last week and wrote it down on a pad. good thing too.http://www.pirate4x4.com/forum/showthread.php?s=&threadid=164770&highlight=DCOM

I got guy here that has a Sony Vio that he bought in Feb and he is running XP Home. He was ckecking e-mail at lunch and it started doing the same thing.

look up

thanks

This all sounds related to the RPC buffer overrun vulnerability in Microsoft Operating systems. There has been a lot of noise about it lately. It even warranted a warning notice from the department of homeland security.

The vulnerability is known and the suspicion(from watching traffic on the internet) is that someone has been working on a VERY serious worm to take advantage of this vulnerability. ALL Microsoft operating systems are vulnerable.

You can find more info about it here:
http://securityresponse.symantec.com/avcenter/security/Content/8205.html

Aside from installing the patches from Microsoft the only solutions appear to be to block the ports, disconnect the network, or remove and install an OS from someone other than Microsoft.

If this really is a worm or virus it could easily be the worst we have ever seen. Lets just hope its an annoyance and not a calculated attack. Good luck. I spend far more time than I would like watching this stuff(can you hear the bitterness towards Microsoft :flipoff2:) so if I find out anything new I will post. I hope everyone else will as well.

Mike B

top for those with this problem. also search for nakona's post that is linked in this thread.

Holy shit, I think we have a major virus on our hands. As I type, my friends comp is counting down... Usafa is infected

I say virus, but I really dont know what it is, but it is getting around fast

On the phone with my Brother, it just started doing this on his computer. I'm having them download all the windows security updates to see if they are a fix. This might just be something new.

I'm using a little Netgear router with a firewall behind my DSL connection and haven't had any problems yet, so I'm crossing my fingers. They're running a Comcast cable modem connection, no firewall other than Windows XPs. Funny though, they turned it off for a while last night working on another issue. Might have just been long enough to make them vulnerable.

They're both Windows XP Pro machines.

Jordan

I read that thread that was linked, and followed what nakona said, so hopefully it will work....

I walked them thru what I found on that other page, stopped the msblast.exe from running, now doing a virus update and scan. Must have just got that Blaster virus thats came out.

Jordan

i just finished cleaning my system of the worm thats been going around. a simple ctrl + alt + delete will reveal if you've been infected. if you see a process running called msblast.exe, you're infected.

download the fix for windows so you dont get infected again.

http://microsoft.com/downloads/search.aspx?displaylang=en&categoryid=7

you want the "buffer over-run in RPC" fix patch

then you can download and use mcaffe's stinger to get rid of it.

http://vil.nai.com/vil/content/v_100547.htm

their software also deletes out the registry entries that cause a re-install upon reboot. (i rebooted and checked for the files, and after i ran "stinger" i couldnt find the registry files from the virus) and didnt find them.

hope that helps