Announcement

Collapse
No announcement yet.

RPC virus

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • RPC virus

    "D:\WINDOWS\system32\lsass.exe
    Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly"

    Above message comes And computer restart after one minute.
    what kind of this virus. Plz tell me solution Soon

  • #2
    Re: RPC virus

    You have the LSASS or SASSER virus -- a very nasty piece of code.

    Microsoft's instructions for removal here:
    http://www.microsoft.com/security/incident/sasser.mspx

    alternatively google for Sasser Worm and find other instructions

    Good Luck! last time I saw this it ended in a format and reinstall....

    Tom
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: RPC virus

      This is exactly why you should patch your machines

      Sasser Removal Tool

      Comment


      • #4
        Re: RPC virus

        i have used sasser removal tool, fxblast etc, these can't find any virus, problem is still continue, system are shutting down repeatdly, Not single one even entire LAN (ALL systems), I have also deployed Windows XP Security updates and tools as well but in vain.
        Infect clients are windows XP with SP1.
        plz tell me another perfect solution.

        Comment


        • #5
          Re: RPC virus

          Not a fix, but a suggestion:
          Gather all the information and tools you need, then disconnect from the internet and shut everything down.
          Clean one PC at a time, shut it down and move on to the next.
          Only when you are sure (as possible) all PCs are clean, bring them up one by one
          Once all are running, do another scan and finally reconnect to the internet.

          Yes, it will take time, but it will reduce the risk of cross infection as you clean PCs

          Tom
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: RPC virus

            Originally posted by alitoday
            i have used sasser removal tool, fxblast etc, these can't find any virus, problem is still continue, system are shutting down repeatdly, Not single one even entire LAN (ALL systems), I have also deployed Windows XP Security updates and tools as well but in vain.
            Infect clients are windows XP with SP1.
            plz tell me another perfect solution.

            Have you applied the following hotfix to the infected PC's

            KB837532

            You could also apply SP2 which included all the RPC hotfixes.

            Ass Ossian has said disconnect infecte PC's fm the network or at least disconnect you site from the internet.

            Please remember that you will need to download the hotfixes/SP2 prior to disconnecting form the net.

            My method of cleaning

            1. Disable System restore.
            2. Download and run Stinger
            3. Take a note of any virus found and attempt to clean.
            4. Manually clean the virus if no tools are found for this process. More info here http://support.dell.com/support/topi...ent?dn=1089906

            I didn't think machines were stil being infected by this.

            Comment

            Working...
            X