Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

RPC Restarting Issue

  • 11-08-2003 6:27pm
    #1
    Closed Accounts Posts: 958 ✭✭✭


    Right this has only seemed to start in the last half hour or so.

    Basically people are getting random restarts or a little window telling them they have 60 seconds to pish off before restart.

    What worked for me was:
    Control Panel--->Admin Tools--->Services

    Right click on Remote Call Procedures, go to properties and set it to "Take No Action".

    I posted here to reach the most people, lord knows why it's happening.

    Many people encounter it?


Comments

  • Closed Accounts Posts: 1,502 ✭✭✭MrPinK


    Apparently it's the result of someone trying to run an exploit on your machine

    http://www.boards.ie/vbulletin/showthread.php?s=&threadid=109542


  • Registered Users, Registered Users 2 Posts: 5,538 ✭✭✭PiE


    Got it a few mins ago myself.

    Fix


  • Closed Accounts Posts: 16,339 ✭✭✭✭tman


    cheers guys, i was beginning to panic there (downloading the fix in PiE's post atm)


  • Closed Accounts Posts: 867 ✭✭✭l3rian


    yea, this has happened 3 times to me, thx for fix


    omg it just happened again


  • Registered Users, Registered Users 2 Posts: 2,680 ✭✭✭Tellox


    yeah,I've been getting it all day today and all day yesterday! whats going on loike?

    just happened to me less then a minute ago too


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 8,503 ✭✭✭Makaveli


    Just happned to me a couple of minutes ago too.


  • Closed Accounts Posts: 5 Cremin


    run > cmd > 'shutdown -a' stops it immediately, and for me has stopped it popping up again. Might be worth a try


  • Registered Users, Registered Users 2 Posts: 2,543 ✭✭✭sionnach


    the fix in pie's post stopped it for me :) thx pie


  • Closed Accounts Posts: 418 ✭✭Zaphod B


    Problem I had was it didn't give me time to download and run the fix before it had shut down. McAfee told me it was at c:\windows\system32\ (the file was mscrash.exe or something very similar sounding, definitely began with ms) but of course wouldn't delete it, eventually I stopped it by closing McAfee, repeatedly asking Task Manager to stop the exploit file, then repeatedly attempting to rename or delete the file until it finally stopped bleeting about the file being protected and let me rename it. It bleeted a bit more about protected file, then I deleted it after a few tries.

    THEN I downloaded the fix.

    As usual, my question is WHY? How petty and lame do you have to be to cause this? It's not even impressive or clever, as though they've created something here. It's just another pointless little exploit which does nothing except to make the people responsible feel a little bit bigger. Personally I'm sick of the whole mentality we've had to adopt of casually going "Ah. Another exploit fvcking up my machnie. I wonder if there's a fix anywhere." Get used to it? WHY THE FVCK should we? Instead, why don't the people responsible get used to going outside occasionally or doing something else other than being petty and causing random ordinary people grief?
    Rant over... til next time.


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    I find that filling my sink with water and carefully submerging my computer while still connected to the mains cures the problem permanently. To upgrade your machine with Microsoft Plus, make sure you hold the tap and the chassis of your computer firmly when performing the fix.

    Muppets. That vuln was announced four weeks ago. How hard is it to go Windows Update once a week and check for patches?

    Zaphod B, this isn't a trivial vulnerability. See the FAQ here.

    adam


  • Advertisement
  • Closed Accounts Posts: 867 ✭✭✭l3rian


    if its not broken why download a fix... i only gte those updates when something isnt working, saves time really, if i was to bother getting ever update "once a week" i would have wasted too much time, when i can spend 10 minutes once a year downloading a 1mb file (yes first problem in 1 1/2 years of totally non updated xp)


  • Closed Accounts Posts: 16,339 ✭✭✭✭tman


    Originally posted by dahamsta
    How hard is it to go Windows Update once a week and check for patches?
    some of us 56k'ers have more important things to use our bandwidth on... pr0n for example.

    i'm going to start doing that now myself, should take ages to get it all up to date, i haven't updated xp at all since sp1:rolleyes:


  • Closed Accounts Posts: 418 ✭✭Zaphod B


    Amen. Dahamsta thanks for confirming that I am indeed a muppet, ffs no I don't check for updates on a weekly basis as I really shouldn't have to (back to my point about Putting Up With Sh!t) but from now on I will since some c0cks feel it is necessary to screw with my machine. I didn't suggest it was trivial, what I did was to say it has no useful purpose except to make those responsible feel a bit more important than the petty, usually pretentious little w@nkers they are. I should know it's not trivial, I'm the one who couldn't get his computer to remain operational for more than a minute at a go.

    Sorry hamsta but try and bear in mind that some of us just want to use our computers for the purposes for which we bought them without having to take time to accomodate the assholes who want to mess up our machines for no good reason. As for the announcement, bear in mind that some of us feeble plebians don't visit http://marc.theaimsgroup.com weekly, or ever for that matter. Fecksakes have some sympathy for us, we're simple :p

    Little edited thingy at the end: I have Windows Auto-Update, so I get patches every couple of days. Clearly it didn't download this update if it was 4 weeks old. Foolishly I assumed that having Windows update automatically might actually give me patches that protect against exploits completely f*cking up my computer. That is why I didn't feel it necessary to visit the website.


  • Closed Accounts Posts: 2,486 ✭✭✭Redshift


    I think alot of people don't realise how big a security hole this is this is an extract from a tutorial on how to run this exploit
    Now when you type a command it will be executed on the victims machine.. We
    want to change the victims password to the administrator account. So type

    "net user Administrator <newpass>" replace <newpass> with a new password you
    want to use.

    Now to make lifer easier we are going to use a tool intigrated with windows
    xp.. Enter run and type "mstsc" and press "ok"
    The Remote Desktop Connection program will open. Enter the victims ip in the
    Computer field and press connect.

    There you go! You should now se the victims login screen... Login as
    administrator with the new password you entered earlier..

    And your in ! Now you can do what ever you want to.. But remember the victim
    will automaticly be logged out when you login.. So be quick before he logs
    you out again...

    I have heard that when you exit the connection to the victim the victims
    computer will reboot. I think that is is the case queit often.. I
    disconnected alot and suddenly I couldn't reconnect..

    I don't want to scare anybody but that's an idea of what the little scumbags can do if the exploit succeeds, so get em patched. I have removed the detail on how to do the exploit for obvious reasons and before anybody asks no I don't do any of this **** I think the assholes that do should be strung up by their balls.
    Cheers

    Red


  • Closed Accounts Posts: 958 ✭✭✭Mark


    How hard is it to go to Windows Update once a week and check for patches?

    Ah irony, you DO have a sense of humour.

    You see Dahamsta, I had to reinstall XP a few weeks ago because of some typical Microsoft problem that I don't understand and occurs for no apparent reason.

    Now, joy upon joy, Windows thinks my XP is a warez version (which it's not) and won't LET me install any of the Windows Updates.

    I figging agree with Zaphod.


  • Closed Accounts Posts: 1,502 ✭✭✭MrPinK


    Even if you can't keep XP up-to-date (it is hard on 56k alright), everyone should have a firewall to block out stuff like this


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Dahamsta thanks for confirming that I am indeed a muppet

    Anytime sweety.

    no I don't check for updates on a weekly basis as I really shouldn't have to

    No, you shouldn't, but such is life. If you run Windows, you have to patch patch patch, or you're going to get hacked. If you don't want to patch so often, run OpenBSD.

    what I did was to say it has no useful purpose except to make those responsible feel a bit more important than the petty, usually pretentious little w@nkers they are

    You think DDOS attacks only come from kidiots? Come into the real world my man!

    Sorry hamsta but try and bear in mind that some of us just want to use our computers for the purposes for which we bought them without having to take time to accomodate the assholes who want to mess up our machines for no good reason

    You think I don't?

    As for the announcement, bear in mind that some of us feeble plebians don't visit http://marc.theaimsgroup.com weekly, or ever for that matter.

    It was all over the news, I think I even saw it on the BBC website.

    Fecksakes have some sympathy for us, we're simple

    :) I see you have Auto-Update, open it up and take a screenie, let's have a look at the settings, see if we can fix it.

    tman, the RPC update is about a meg in size, which isn't all that bad on a dialup. Set it up and have a cup of coffee.

    In all seriousness folks, ranting about Windows is a waste of time and effort. In this particular case, your machines are insecure because of you and your choices. If you don't like Windows or you think you're unable to keep it updated, uninstall it and try something else. Before you do though, remember: you'll spend nearly as much time patching Red Hat or Mandrake...

    Do the right thing, get some skillz. :)

    adam


  • Registered Users, Registered Users 2 Posts: 1,348 ✭✭✭Ryo Hazuki


    Jebus! The same thing is happening to me, on XP, switched over to my Win2K hard disk(using it right now) and have ha no problems.

    I though it was a hardware issue, as i put in an 80mm fan last night.

    Strange, im typing with the keyboard on the ground, and searching google for an answer, The lid off the PC and monitor on the chair.

    I shoulda just checked here first.

    So were were ALL being accessed?

    Or at least trying to?


  • Closed Accounts Posts: 16,339 ✭✭✭✭tman


    Originally posted by dahamsta
    tman, the RPC update is about a meg in size, which isn't all that bad on a dialup. Set it up and have a cup of coffee.
    you mean the one that PiE posted a link to?
    i got that, sorted everything out nicely.
    i was talking about how much i'll have to d/l to get auto update up to date


  • Closed Accounts Posts: 2,196 ✭✭✭Littletinyman


    Why bother checking for Windows updates when pretentious geekboys like dahamsta are more than willing to fuel their own ego by telling us how stupid we are and how to fix the latest problems with our pathetic Windows installs?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,348 ✭✭✭Ryo Hazuki


    Lol, quite true.

    "skillz" was it?


  • Closed Accounts Posts: 6,143 ✭✭✭spongebob


    I didnt bother with the fix because I already had a firewall .


  • Registered Users, Registered Users 2 Posts: 896 ✭✭✭clansman


    just got that error. DL the patch and worked fine, well a after a trys,, feckin pc kept restating while DLing!!!


  • Closed Accounts Posts: 1,502 ✭✭✭MrPinK


    Check your registry too. You may have had a key added

    http://isc.sans.org/diary.html?date=2003-08-11


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    you mean the one that PiE posted a link to?

    Yup.

    i got that, sorted everything out nicely.

    Kewl.

    i was talking about how much i'll have to d/l to get auto update up to date

    Well, you can leave all the ones that aren't automatically added to your, uh, basket anyway. If it's not added to your basket, it's not critical.

    You can also leave the Service Packs and Cumulative Updates for a little while, because they're nearly always rollups of previous patches. In fact this is a good idea for relatively inexperienced users, as more often than not they have nasty inconsistencies that need to be corrected.

    When I was on dialup and working with a clean install, I'd do the Service Packs first, then any remaining Critical Updates and then add the fudgies as I went along. Things like DX9 might stay in there for months. :)

    adam /blows littletinyman a kiss


  • Closed Accounts Posts: 965 ✭✭✭DriftingRain


    Was about to be throwing m PC outta the window and cussing it all at the same time. Finally got the update and it fixed it immediately. THANK YOU MUNCH!!!!

    DR.


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    RPC DCOM Worm On The Loose
    "The first of I'm sure many RPC DCOM worms affecting Windows is on its way, according to the Internet Storm Center. Patch those systems!" According to the site, "The worm uses the RPC DCOM vulnerability [affects Win2k through Server 2003] to propagate. Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp."


  • Registered Users, Registered Users 2 Posts: 9,604 ✭✭✭irishgeo


    firewalled here as well so unlikely to affect me. You gotta love zonealarm and its free as well.


  • Closed Accounts Posts: 418 ✭✭Zaphod B


    I've taken a look at the old Auto-Update now and asked for the critical updates, which for some reason were the ones it wasn't downloading even though I'd set it up to DL them before.

    I've calmed down a bit now, sorry if my rant came across as personal Hamsta :)

    PS when I said they were little, I didn't mean short or adolescent :) Whatever their age or technical expertise, I stand 100% behind my allegation that they are in fact w@nkers :)


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,439 ✭✭✭ando


    Originally posted by Redshift
    this is an extract from a tutorial on how to run this

    where did you get that from? is there a website for this kind of thing ??????? I'm a network admin and would like to see how these guys work


  • Closed Accounts Posts: 31,967 ✭✭✭✭Sarky


    If I'd had someway decent internet access in the last couple of weeks I might have known about it. Now the computer I had brought to my dad's surgery to replace a buggered up machine has it, and the locum's getting annoyed. Bloody annoying, but at least it's curable.

    Cheers for the links. Time to download it and run it later. As if having to "run" on XP wasn't bad enough...


  • Moderators, Recreation & Hobbies Moderators Posts: 10,912 Mod ✭✭✭✭Ponster


    Hmmm, just a quick question...

    How many of you are running firewalls?

    Most, if not all, block RPC requests (Tiny, Norton..) and some of the best are free.


  • Closed Accounts Posts: 16,339 ✭✭✭✭tman


    i would've used xp's built in firewall, you can't seem to use that with utvip's dialler tho:rolleyes:

    someone give me linkage to a decent free firewall


  • Closed Accounts Posts: 1,502 ✭✭✭MrPinK


    someone give me linkage to a decent free firewall
    ZoneAlarm


  • Site Banned Posts: 5,904 ✭✭✭parsi


    Originally posted by tman
    i would've used xp's built in firewall, you can't seem to use that with utvip's dialler tho:rolleyes:

    someone give me linkage to a decent free firewall

    I use the XP firewall with the XP-Lite dialler - and I've had no problems whatsoever. It doesn't firewall the conenction by default so just go into network&dial up connections and edit the properties and bobs yer uncle. As for firewalls I use Sygate Personal Firewal.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,439 ✭✭✭ando


    I got attacked tuesday night by this little whore of a virus, Tiny Firewall picked it up and asked me around 20 times did I want to allow port 135 in....


  • Registered Users, Registered Users 2 Posts: 51 ✭✭michaelpwilson


    Slightly OT, apologies, but this may be interesting to some of ye.

    Thanks to this flurking bar steward of a worm, my W2K server is quite knackered. I never actually got the worm, so it's a bit ironic, to say the least. I downloaded SP4 for W2K as advised by the MS website whilst trying to find the patch for the worm - even more ironic is the fact that I now discover I didn't need the forking patch at all because Zonealarm would have blocked it.

    Anyways, now the server takes ages to boot up (stays at "Preparing network connections" for about five minutes). But the real kick in the teeth is that surfing has become one pain in the wobbly bits. Any URL typed into internet explorer doesn't even seem to be requested from the DNS for about two minutes. Subsequent pages requested from the same URL load fine, however. Also, MSN Messenger v6 also appears to have been hit by this bloody service pack.

    A word of advice: Read the documentation for W2K SP4 on the MS website before you decide to install it. There are lots more problems associated with SP4 and you can see these if you go to the community newsgroups on support.microsoft.com. If you must install SP4, please don't do what I did: I elected not to backup the old files first (the installation gives you this option).

    I'm off to find a nice short rope and a nice high gable. Anyone got a lend of a stepladder for about 10 mins?

    HTH

    Michael


Advertisement