Hey, I get an error saying that the Remote procedure call terminated unexpectedly, and that a computer shutdown in 30 seconds. I understand that this is caused by the blaster worm. However, I did a full system scan, and came out clean.
for a second opinion, ceck your comp for malware with this
Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update before scanning so you have latest database
click the remove selected button to quarantine anything found
report back the result and post the scan log here
That used to be a symptom of Blaster, however, depending on your OS (which you didn’t mention ?) and if it is fully up to date it shouldn’t be vulnerable to the blaster worm.
The Network Shield should also be monitoring the ports commonly used for exploit/worm attacks (Blaster, Sasser, etc.)
I’m using WinXP, its up to date.
Well I believe after XP SP1 or SP2 your system shouldn’t be vulnerable to the Blaster worm.
So it could be something less suspect, run the check scan as suggested by Pondus.
Also see, http://en.wikipedia.org/wiki/Blaster_(computer_worm) and http://support.microsoft.com/kb/826955.
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5504
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/01/2011 08:13:56
mbam-log-2011-01-12 (08-13-56).txt
Scan type: Full scan (C:|F:|)
Objects scanned: 795095
Time elapsed: 6 hour(s), 19 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID{9F44453E-1E46-4D5C-B57C-112FF2EDAE82} (Spyware.OnlineGames) → Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\ESFTCHK2.DLL (Trojan.Scar) → Value: ESFTCHK2.DLL → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) → Value: ForceClassicControlPanel → Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Owner\my documents\fff-ea189.exe (Trojan.Orsam) → Quarantined and deleted successfully.
c:\documents and settings\Owner\my documents\downloads\command and conquer - generals\no-cd crack\ea.games.multi.keygen.exe (Trojan.Agent.CK) → Quarantined and deleted successfully.
c:\program files\ViperTV\libs\QVOD\QvodBand.dll (Spyware.OnlineGames) → Quarantined and deleted successfully.
c:\WINDOWS\system32\esftchk2.dll (Trojan.Scar) → Quarantined and deleted successfully.
I see a high risk strategy here:
c:\documents and settings\Owner\my documents\downloads\command and conquer - generals\no-cd crack\ea.games.multi.keygen.exe (Trojan.Agent.CK)
Using cracks and keygens, aside from any legal/moral issue comes with a very high risk of uninvited guests.
Oh, that was a file from a few years ago :
I guess I totally forgot about that keygen.
;D
After running the Anti-Malware, I’m still getting computer shutdowns, and if I abort the shutdown with “shutdown -a”, I lose my audio drivers, which come back after I restart my computer. Also, the desktop icons cannot be moved (cannot drag to another position), but all other icons (not on desktop) are normal (only desktop icons can’t be moved).
Then my guess would be that you do have a system RPC problem, though what to do about it isn’t something I’m familiar with. So I would try your friend google for, "
Remote Procedure Call Terminated unexpectedly" without the quotes and see if that brings up any repair options.
See google results, http://www.google.co.uk/search?q=remote+procedure+call+terminated+unexpectedly+windows+xp
This one mentions changing the settings from restarting the system to restarting the service (RPC), http://forums.techarena.in/windows-xp-support/1044943.htm#post3999208.
Hopefully there will be something in those google hits that will be useful to you.