"Remote Procedure Call Error"

[Navaros]

just now i was hosting a game of Total War when my dumb God-forsaken hellspawn XP Pro OS sent me back to the desktop with the message there has been a Remote Procedure Call Error, Windows must shutdown. save your work or it will be lost - and then it starts a 45-second shutdown timer at which time the OS resets my computer

i logged back in and started ANOTHER game of Total War, hosting again, and shortly after the battle started i got the same exact error a second time

this is REALLY aggravating me.

can one of you please tell me:

1. WHAT Remote Procedure Call Error means exactly?

2. how i can isolate and FIX this problem so it never happens on my computer again

btw i don't use any firewalls or routers at all so that's not causing a problem and i use 56k dialup.

[motorhead]

99% probability you have a worm. If you just google 'remote procedure call error' you'll find nearly every hit (alright, the first 20 or so) refer to the blaster/lovsan worm, or some variant.

dumb God-forsaken hellspawn XP Pro OS
- keep your OS patched
- put up a firewall, XP comes with a built-in firewall, or download zonealarm, it's free

To stay on-line long enough to get the necessary updates, patches, and removal tools, click Start > Run, and enter shutdown -a when the next RPC countdown begins. This will abort the shut down.

[Navaros]

got more info now

it's not exclusive to Total War

this just happened to me 3 more times when all i did was boot to the Desktop and surf the net trying to figure this BS out

the message Windows gives me is Windows must shutdown because there was an error in the RPC process

[Navaros]

i had zonealarm before and it REALLY sux - doesn't block hardly anything. and worst of all, it screws up your Windows by removing necessary Windows regkeys on an Uninstall of zonealarm. don't know why you'd be recommending a POS firewall like that altho i appreciate you trying to help me

i'll install Norton System Works 2003 and LiveUpdate it to see if i have a Worm

now i also get the message when this happens: the RPC process had terminated unexpectedly

i turned OFF the built-in XP firewall earlier tonight (problem first occured shortly after i did that) because no one can SEE the games i host in Total War if i have that on.

[Oaty]

Easy way to host a game with a firewall is to turn the fire wall off host the game. Once you host it Alt Tab to desktop and turn your firewall back on. People still can join your game then even with the firewall on its the fact the necessary info to host the game was sent to the server while the firewall was off. This is what worked for me and if your quick enough you only have your firwall offf for 15 seconds

[Mouzafphaerre]

-
Don't also neglect the possibility of bad drivers. Bad display or TV-card drivers do cause such anomalies.

Hth.
_

[Navaros]

i have been having a lot of display issues which is why i upgraded to the most loathsome and repugnant OS EVER MADE: XP. i had no CHOICE cuz it seemed my damn VIAGART driver wouldn't work with my mobo on a Win 98 SE OS. but i am using a MS certified NVIDIA driver now

i've also noticed other weird things happening before like my system clock will go out of whack randomly. the hour it displays is off by a few sometimes when i boot my PC although the minutes are unchanged.

right now i'm having problems installing Norton AV 2003. it tells me Norton AntiVirus encountered an internal program error. Please uninstall and reinstall Norton AntiVirus

of course after i've reinstalled the SAME THING HAPPENS. are there worms out there designed to fubar Norton AV like this or am i just cursed?

[Finn]

If you want a decent free firewall try Kerio

the latest version also has monitoring of applications running other applications aswell, i use it and have no problems, it runs a 30 day trial on the pop-up blocker and privacy stuff, but at the end of the 30 days the firewall and app monitor still works, its just the pop-up blocker stuff that stops

[Navaros]

ffs i DO have a worm. i solved my NAV 2003 install probs and LiveUpdated it.

now it says:

Norton AntiVirus has detected a virus on your computer. D:\Windows\system32\msblast.exe

Virus name: w32.blaster.worm

Action taken: unable to repair this file


so my question is: is this likely to be what was causing my RPC Errors and HOW do i get rid of ALL TRACES of this filth since NAV won't do it for me?

[SwordsMaster]

get your windows cd, serach it for the file, paste it on the desktop, replace it with the one you have already, and then update drivers again.

Hope it helps

[Voigtkampf]

Oh, that jolly fellow Well, that is not splendid, my dear, not at all; if I am not gravely mistaking, the 1.1 service pack for your dumb God-forsaken hellspawn XP Pro OS should take care of that.

[The_Emperor]

Remote Procedure Call Errors are normally caused by that god forsaken Blaster Virus.

I'm afraid you'll have to patch your system and use an up to date virus scanner software to remove it

On average a system that is unpatched gets infected with it three seconds after connecting to the internet



I assume thats the error message you get.

Below is a link to Microsoft's page on the blaster virus that exploits their buggy software and the steps needed to remove it.

What You SHould Know About The Blaster Worm

[Navaros]

thx guys i'm sure i'll figure this out eventually. getting rid of it will just be a huge pain in the neck.

guess i'm lucky in that i've been running XP and on the Net for a few weeks and never get the worm til now. i beat the 3-second average by a longshot. LOL

for those wondering why XP is an evil hellspawn from Satan himself which i have nothing but profound disgust and hate for, let me count some of the ways:

1. Integrated spyware/adware

2. No way to UNINSTALL IE 6.0 and MSN Messenger

3. Flash Player is now integrated into IE 6.0 which is a BS, should-be-illegal exscuse to allow Macromedia/MS/everyone else (this site included - boy, i hate those flasing smilies) to invade your eyes with obscene flashing ads/paraphenilia constantly and a legal (i doubt it would be if someone Court-challenges it tho) loophole that so far has allowed Macromedia's Flash Player Uninstaller to have NO EFFECT on the Flash Player which is installed in IE 6.0. note: i do hope to God that someone sues the Hell out of MS and Macromedia for this Crime Against Humanity.

4. Babyish-looking, retarded interface. looks like it was designed for mentally-challenged infants who's fave TV show is Tele-tubbies. most annoying of all are the Useless Blue Columns which waste 1/5 of your screen space for no rational reason. note: i know that some of such interface bastardizations can be corrected to a more 98 SE-esque setting - but the POINT is that it's a PAIN IN THE BUTT to do that and a torturous process that no end-user should ever have to go thru.

5. No Show Desktop button by default. i have to dig around like i'm on a treasure hunt or something just to have a Show Desktop button (an ESSENTIAL FUNCTION) in my taskbar when it SHOULD be there by default.

6. the separation of My Computer and Control Panel. i'd like to see the person who implemented THAT decision be slowly tortured to death before my eyes. these two things REALLY need to be together making them seperate just turns most navigation into a huge pain in the butt.

7. No MS-DOS. inability to properly play the very best video games ever made.

8. No CTRL ALT DEL rebooting. just makes the whole process of closing programs/rebooting needlessly cumbersome and tedious.

9. the find files or folders function is bastardized to the point that during 100% of any searches you ever make, your eyes have to wade thru tons upon tons of utterly useless text, with no way to remove that useless text. such text serves no other purpose than to pander to the aforementioned mentally-challenged infants, and is fixated upon one of the rightfully-hated Useless Blue Columns - with no possible way to eradicate that column.


...and i'm sure there are many, many more points i could bring up but do which do not come to mind right now since i haven't slept last nite due to being up late playing games/fighting the worm virus and hence my mind is not at peak performance ATM.

[motorhead]

goto symantec's site, do a search on 'blaster removal tool', step-by-step instructions on the howto.

[Navaros]

now that i think about it, i was wrong when i said i beat the 3-second average seeing as i must have got this worm shortly after i disabled my in-built XP firewall in order so o could Host Total War games.

i am curious about some things:

1. what is the PURPOSE of the worm that i had besides to aggravate end-users? what other stuff does it do besides shutting down your PC?

2. HOW is the worm so prevalent to the point where almost anyone who has XP and no security updates/firewall will get it almost instantly when connected to the Internet? i do not understand how any worm could amass THAT much power and would like an in-depth explanation as to how that came to be.

[Finn]

Quote[/b] (Navaros @ April 17 2004,20:53)]2. HOW is the worm so prevalent to the point where almost anyone who has XP and no security updates/firewall will get it almost instantly when connected to the Internet? i do not understand how any worm could amass THAT much power and would like an in-depth explanation as to how that came to be.

due to so many people not having the inclination or the knowledge to take security precautions.

the internet is now basically a warzone, but most people dont seem to realise this, unless you only go out with the equivelent of a flackjacket (eg up to date AV, a firewall, and a regularly updated system) you become a casualty

[The_Emperor]

Quote[/b] (Finn @ April 17 2004,21:32)]

Quote[/b] (Navaros @ April 17 2004,20:53)]2. HOW is the worm so prevalent to the point where almost anyone who has XP and no security updates/firewall will get it almost instantly when connected to the Internet? i do not understand how any worm could amass THAT much power and would like an in-depth explanation as to how that came to be.

due to so many people not having the inclination or the knowledge to take security precautions.

the internet is now basically a warzone, but most people dont seem to realise this, unless you only go out with the equivelent of a flackjacket (eg up to date AV, a firewall, and a regularly updated system) you become a casualty

Yep, you only have to look at the massive number of Varients of Netsky and Bagle and the insults between them that they have written in the source code of their worms that these hackers are having playground spats with each other...

The problem is a lot of people are totally ignorent about the security risks that exist on the web from Viruses, Hackers, and the like.

Clearly some form of education needs to be given to a user on this subject before we let them loose with a broadband connection

Part of the problem is that MS Windows ships unpatched on brand new systems, and Blaster tends to infect them before they have even managed to get onto Window update to get down the patches they need

My advice is to always have a firewall and an anti-virus software that is regularly up to date... and don't neglect those Patches for windows either.

[Navaros]

here are the problems i had when i use to have ZoneAlarm:

1. as stated earlier, ZoneAlarm deliberiately deleted a NECESSARY regkey from my System when i uninstalled ZoneAlarm. due to this reason alone i'll never use another ZoneAlarm product. the fact that they delete necessary regkeys on uninstall throws their credibility 100% out the window in my book.

2. ZoneAlarm didn't seem to block very much. for example, with ZoneAlarm running i've had my IP address acquired by third-party hackers via a connection to WON.net, and on other occasions via connections to IMS'es. so i'm wondering, if i install ANOTHER firewall, will hackers still be able to breach my computer and acquire my IP address so easily; or are there firewalls that ACTUALLY BLOCK THIS NONSENSE? or do i NEED an IP spoofer IN ADDITION TO a firewall to prevent this?

3. when i went to a certain site with ZoneAlarm running, that site displayed on it's webpage the entire layout of my Desktop (file names and the actual icons as the appear on my Desktop were shown on this webpage). how the Hell did that site do this, and can firewalls block this BS? - cuz ZoneAlarm sure did not.

[motorhead]

Quote[/b] (Navaros @ April 17 2004,20:06)]here are the problems i had when i use to have ZoneAlarm:

1. as stated earlier, ZoneAlarm deliberiately deleted a NECESSARY regkey from my System when i uninstalled ZoneAlarm. due to this reason alone i'll never use another ZoneAlarm product. the fact that they delete necessary regkeys on uninstall throws their credibility 100% out the window in my book.

2. ZoneAlarm didn't seem to block very much. for example, with ZoneAlarm running i've had my IP address acquired by third-party hackers via a connection to WON.net, and on other occasions via connections to IMS'es. so i'm wondering, if i install ANOTHER firewall, will hackers still be able to breach my computer and acquire my IP address so easily; or are there firewalls that ACTUALLY BLOCK THIS NONSENSE? or do i NEED an IP spoofer IN ADDITION TO a firewall to prevent this?

3. when i went to a certain site with ZoneAlarm running, that site displayed on it's webpage the entire layout of my Desktop (file names and the actual icons as the appear on my Desktop were shown on this webpage). how the Hell did that site do this, and can firewalls block this BS? - cuz ZoneAlarm sure did not.

1 - dunno about this, quite possible a version of ZA had a bug when uninstalling. But, i've been using ZA for 4+ years.

2 - when i run the shieldsup port probe from grc.com, it identifies my pc as running in full stealth mode - ZA refused to respond to any unsolicited query on 1056 commonly used ports. I'm happy with that. Using any IMS is risky, they're built for ease of use, not security. Once you give the OK for an IMS to pass thru your firewall, you essentially pass responsibility for security to the IMS program.

3 - to my knowledge no firewall can block this. When you load a web page, you have to give that site a valid IP in order for you to receive data. No IP, no service. If your ISP is running a proxy server you will be somewhat transparent, depending upon how they've implemented it. Good admins and maintenance will provide better security, most ISPs don't.

[Finn]

Quote[/b] (Navaros @ April 18 2004,01:06)]3. when i went to a certain site with ZoneAlarm running, that site displayed on it's webpage the entire layout of my Desktop (file names and the actual icons as the appear on my Desktop were shown on this webpage). how the Hell did that site do this, and can firewalls block this BS? - cuz ZoneAlarm sure did not.

that is nothing whatsever to worry about, its a trivial trick, just pointing IE at your local machine, it means YOUR Internet Explorer is showing you machine to you, something thats perfectly secure, its not sending any of this information anywhere else, the owner of the website doesnt see your desktop for instance

it was quite popular a few years ago as something you forwarded around to scare your mates

and ZoneAlarm is a piece of rubbish, have a look at kerio i gave a link to earlier, in most of the firewall roundups i have looked at it came out as one of the best, better than some £100+ firewalls and its free

[Navaros]

i have removed the worm but it seems i have a worm-related problem

whenever i boot my computer i get the message could not load the file D:\Windows\image.dll as soon as i pass the XP Pro Welcome Screen

can someone please tell me the proper way to re-install this file from the XP Pro disc? i am not gonna re-install windows entirely or download and install a third-party program to fix this (as some sites i've searched on suggested that i do).

if one of you could just give me the exactl Start>Run command that i need to fix this: where D:\ is my hard-disk drive and E:\ is my CD-ROM drive, that would help me alot.

[squippy]

I ran image.dll thru Symantecs web page and found that it may be another infection rather than an actual required component:



Behavior
Adware.Iefeats is an adware component that modifies the Web browser's default home page without your permission

Symptoms
The files are detected as Adware.Iefeats.

Transmission
This adware component must be manually installed, or it may be installed as a component of another program that you install.

File names: Msiesh.dll; iefeatsl.dll; image.dll;
Mshp.dll




image.dll
When image.dll is initialized, it does the following:

Registers itself as a Browser Helper Object by creating and populating the following keys:

HKEY_CLASSES_ROOT\CLSID\{0B40A54D-BEC3-4077-9A33-701BD6ACDEB2}
HKEY_CLASSES_ROOT\Image.Image
HKEY_CLASSES_ROOT\Image.Image.1


Adds the value:

Image= rundll32 \image.dll,UpdateDll fs

to the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run


Adds the value:

Image= rundll32 \image.dll,UpdateDll fs

to the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

----

I bet this is initialising becuase Windows uses Explorer tio view the file system - so its got a call to this file and it is not there. What you need is to edit the registry... but I dont know if you can get to it. OTOH, maybe start -> run -> regedit will work because that is not likely to invoke explorer.

Full article here:
http://securityresponse.symantec.com/avcente....ts.html

[Ashen]

www.windowsupdate.com

Download the MS Blaster fix. Its that simple.

find ms_blast on your pc and delete that aswell. nasty worm that affects every unprotected computer running on an NT system.

[Gregoshi]

It sounds like we have one sick PC. I'm sending this to the Doctors: off to the Apothecary you go...