ID:189332
 Aug 14 2003, 5:56 pm
|
|
I keep on getting an error message saying something like PRC or something like that. It gives me 1 minute to save anything I was doing and then shuts down. It keeps on happening over and over again, I used a virus scanner and nothing showed up. I'm using AVG.
| |
Don't even worry about anti-virus programs for this one... It can be taken care of on your own (with the help of a handy removal tool developed by Symantec)
Here are the tools you need: 1) Microsoft's security patch for this problem, which can be found here and 2) Symantec's removal tool, which can be found here (or for your convenience, a direct link to the file is here, but you should read the above link for instructions and such... Getting these two files is a bit tricky, though, since once your comp is infected, you usually don't have enough time to download them both (or even one of them) before the shut off comes... I had to fix my girlfriend's parents' XP box, and what I did was download the files on her Win 98 comp, zip them, put the zip on a floppy, and then install them on the infected computer... You should have enough time to at least run the removal tool before the shut off, so you can get rid of the worm and avoid the shut off... Another option is to enable the XP firewall, and then download the files...it's been reported to work well enough to hold it off for the time needed... I believe you can also run XP in Safe Mode and avoid the problem long enough to take care of it... Once you've got those two files, you need to take the following steps: 1) Disable System Restore: System Restore is a function of Windows that makes periodic backups of your system state... That way, if something screws up royally, you can go into System Restore, and reset your comp to the last working state... However, System Restore can also backup this virus...and potentially reload it later on... So, you've got to wipe out System Restore's saved files, and disable it until you've gotten rid of the worm... This is really easy, though... Just click on Start, Right Click on My Computer, and go to Properties... Click on the System Restore tab, and click the checkbox that disables System Restore... Doing so will shut it off, and automatically delete all files it is currently storing... 2) Run FixBlast.exe: This is the removal tool from Symantec that I mentioned above... It will get rid of all traces of the virus currently on your computer... Including deleting the virus itself, and also deleting the changed registry entires that make it run... 3) Install the MS security patch: This is the other file I mentioned above... What this file does is pluf up the hole that this worm uses to infect XP/2000/NT boxes... Apparently, there's a function of these new OSes involved in file sharing and networking and such that had a flaw through which this worm worms its way into your computer and sets itself up... This patch fixes that problem, and "immunizes" your comp from getting infected by this one again (and it can if you don't install this patch) 4) Run FixBlast.exe again: Just in case, to make sure the system is really clean... 5) Re-enable System Restore: This is optional, basically...but it's a good idea in case you actually need it some day... Just follow the instructions in step number 1 to turn it back on... ----- And there ya go! All fixed and safe from this particular virus... Here's a little bit more about how this one works: What it does is exploit a bug (mentioned above) in the newer MS Windows versions... By triggering an error in the "DCOM RPC", it opens a way into the system through which it sets itself up and downloads and installs the actual virus program... Upon every start up of an infected machine, the virus is set to run... Once it starts up, it first sends itself to any vulnerable computer that it can find that is connected to the net... It does this by running a random IP generating algorithm and sending itself to all generated IPs (non-vulnerable systems won't be affected, but all vulnerable systems will get the worm) Now, this act alone can cause all kinds of problems, especially in sucking up processing and bandwidth, since it uses your computer as a file server hundreds of times over, essentially... What this also means is that getting rid of the worm once without installing the security patch is basically worthless, because the worm will most likely be sent back to you sooner or later... And then, once that's done, you get the "This system will shut down, please save all unsaved work, blah, blah" alert with the one minute countdown... Now comes the really bad part... Starting Aug 16th, all infected computers are set to start launching Denial of Service attacks on Microsoft websites... Effectively bringing down the only method of fixing the problem, since the patch can no longer be gotten from the MS website (which will likely crash due to the huge number of simultaneous and constant queries from the infected computers)... This is scheduled to take place for the rest of the year... So, get it taken care of today (it's already the 15th)... | |
Theres another post with lots of information on this, you could also do a search-engine search for "RPC error" or "Lovesan fix" and you should come up with a number of articles on it as well as links to the fixes, though you will probably have to do it via safe-mode to download and/or install the patch.