LocostBuilders - powered by XMB

Annoying Worm.....Help!

red22 - 1/3/11 at 09:01 PM

My netbook seems to have picked up a worm that causes it to keep restarting, with a message panel saying "Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly".

I managed to stop the constant restarts by starting in safe mode and disabling the shutdown so I thought I'd check google for the symptoms and fix it except I can't. Going by the internet it appeared to be Mblast or Sasser worms, so downloaded fixes but both drew a blank as it's not either of them. I then tried Avast but everytime I try to get it to run it won't and keeps tring to shutdown again. Grrrrrr.

So if anyone can give me some other things to try I'd be really grateful. Thanks.

coozer - 1/3/11 at 09:02 PM

Format C:/

BenB - 1/3/11 at 09:09 PM

malware bytes from safemode?

red22 - 1/3/11 at 09:15 PM

Not being an IT genius not sure how to format a drive. If this involves rebooting with the original discs I'm out of luck as windows xp came preloaded without any discs and as I'm complete t**t I didn't get round to making the backup discs as windows told me to.

Although Malwarebites is installed each time I try to run that it tells me I can't. I'll try copying another in via usb.

Still living in hope there might me another option.

cd.thomson - 1/3/11 at 09:19 PM

thats MSblast! I didnt think anyone got that anymore!

have you tried this:

http://www.pchell.com/virus/msblast.shtml

cd.thomson - 1/3/11 at 09:20 PM

also, download rkill.exe and use it to shut down any processes that are stopping you using malwarebytes

britishtrident - 1/3/11 at 09:21 PM

Start windows in safe mode then run malwarebytes ---- As I discovered make sure you run it under every username on the PC to be sure of everything clearing out.

McLannahan - 1/3/11 at 09:22 PM

Red - Try renaming malwarebytes.exe to iexplore.exe or explorer.exe. The worm you have should not see these filenames as a threat and allow them to run.

[Edited on 1/3/11 by McLannahan]

40inches - 1/3/11 at 09:30 PM

That's a very old viral infection and was fixed with windows updates around 9 years ago, it looks as though either no AV was installed and/or Windows wasn't updated enough.
Try here for a fix.
Disable Restore before any attempt to clean it out, disable Internet/network access and restart in safe mode.
Download any fix with another PC and install on laptop with a CD.
If it's a Dell I can help with an install disk.
Just noticed it is a netbook, so pretty new, don't know how the hell you picked that infection up!!

[Edited on 1-3-11 by 40inches]

red22 - 1/3/11 at 09:31 PM

Ok trying all of your ideas.

cd.t I thought it was msblast but it's not or at least doesn't appear to be as none of the files associated with it are where they're supposed to be and a msblast remover app tells me it's not on my computer same with sasser which has similar symptoms.

red22 - 1/3/11 at 09:39 PM

40inches. I had AVG, zonealarm and malwarebytes installed and windows is on auto update.

Daddylonglegs - 1/3/11 at 09:45 PM

Whatever you do, make sure that you turn off windows restore first, if not then there is a good chance that even if you think you got rid of it, it may restore itself.

40inches - 1/3/11 at 09:48 PM

quote:
Originally posted by red22
40inches. I had AVG, zonealarm and malwarebytes installed and windows is on auto update.

Checking around the Net it seems there is life in the old bugger yet, it appears to be making a come back

Have you tried this site?
As I said, if the worst comes to the worst I have a Dell XP home SP3 disc you can use.

BenTyreman - 1/3/11 at 10:01 PM

On really nasty viruses I usually remove the hard drive and install it as a secondary drive on a clean PC with an up to date AV installed. You can then scan the drive without fear of the AV tools being compromised by the virus.

vinny1275 - 2/3/11 at 08:49 AM

Where are you based Red?

red22 - 2/3/11 at 08:46 PM

After a rubbish night yesterday I've finally got avast to run. Fingers crossed it finds something, but not holding my breath.

Still can't access system restore to disable it.Rkill seems to be doing what it's supposed to but still can't run stuff.

I was wondering if I connect my netbook to my laptop via usb, would the laptop treat the netbook as an external drive I could scan?

Also I have`an xp recovery disc for the laptop can I use this to reboot the netbook if all else fails? (both Toshiba)

vinny. I'm located in London the hotbed for old skool/unkown worms sent to annoy me.

SteveWalker - 2/3/11 at 09:29 PM

If XP came pre-installed and you were supposed to make a set of system disks, then you may well still have an intact, hidden partition containing the full, original setup. As Windows won't see this, it'll hopefully be unaffected. You'll probably be able to access it by some key combination on startup - see what the documentation says - and you can return the system to as it was supplied.