 Email This Page to Someone |
 Footslog's Web Boards
 Cyber safety
 got Windows 'remote procedure call' error, forced 2 restart, & now can't change setti
|
| next newest topic | next oldest topic |
| Author | Topic: got Windows 'remote procedure call' error, forced 2 restart, & now can't change setti |
|
jonnyj Member |
posted September 06, 2006 03:40 AM
 
thank you. please don't spend much time on it though. Only let me know if you 'happen' to come across something. The new hard drive is working fine, and I plan to soon reformat the previous drive... ------------------ Never stop moving towards 'better' http://www.helpusall.com IP: Logged |
|
Josh1 Administrator |
posted September 05, 2006 03:35 PM
Well let me see if I can find anything, and thanks I am glad to help ------------------ Powered by Intelligent Computing Solutions. For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged |
|
jonnyj Member |
posted September 04, 2006 02:51 AM
I have given-up on this issue..... unless some fix is found magically. Unless a fix is found, it seems a better use of time to just use a different hard drive with XP, and transfer all my files and documents. On the other XP thread, the OE folders are the only thing not transferring right.. So if you find a fix please let me know... but if not then this thread is ended.
------------------ Never stop moving towards 'better' http://www.helpusall.com IP: Logged |
|
Josh1 Administrator |
posted September 03, 2006 05:15 PM
So this one is done? ------------------ Powered by Intelligent Computing Solutions. For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged |
|
jonnyj Member |
posted August 30, 2006 05:56 AM
okay, i just want to correct some inaccurate things i thought earlier. my old drive still can boot, even after the registry changes i made. without seeing any fix for the Windows Defender/RPC/Client for MS Network... i'm going to just change to a new drive. I discovered something else. So far, every XP install, all 3, has had RPC logged in with an account. My Mom's Windows2000 doesn't have it. So it may be that XP installs an account automatically. i'm switching to the XP thread now... i do hope this can help somebody else too IP: Logged |
|
jonnyj Member |
posted August 30, 2006 12:06 AM
I just remembered something :-) ... Before I made the change to the registry, i exported a copy of the registry. Can I use that to change the registry to the previous settings? *fingers crossed The system is a Dell, and apparently that matters...
[This message has been edited by jonnyj (edited August 30, 2006).] IP: Logged |
|
jonnyj Member |
posted August 29, 2006 10:03 PM
okay, this issue is closed.... I tried a few things, and even tried using Adavanced Uninstaller Pro to uninstall, or "force removal", but nothing worked. I didn't find anybody online who had the same problem who managed to fix it (with RPC disabled, and with Client for MS Network not installed) UNfortunately, I forgot to back-up my OE emails and addresses before i tried this! ouch I started a new thread on a more appropriate forum at footslog boards, rather than cyber safety. thanks for your help and ideas. even tho i didn't learn how to fix it... i did learn to be very cautious of beta programs, and i might start using the Windows Restore feature, just for when i make any changes. Thanks! IP: Logged |
|
jonnyj Member |
posted August 28, 2006 12:51 PM
avast didn't find anything. Since this situation, I installed some Windows Updates (uh-oh) The next time I started my computer, XP is missing a lot of functions... there is no tool tray, not clipboard functions, i can't access my network settings, i can't open any of the Services components, and the system takes a long time to load (easily 10+ times as long) An error message pops up I am unable to uninstall the program, even when in safe mode. I even tried to backup my registry, and then delete W.D. from the registry, but it wouldn't delete.
I'm unable to get into either RPC or my Networks to install/enable them. My goal is to delete/uninstall W.D. My best guess so far is that i first need to start RPC, and to install Client for MS Networks.
I called MS's 1-866-pcsafety, and all the ideas they gave me for WD were resulted in a "cannot do" pop-up window. The person told me that if anybody calls about W.D. problems, to tell them to go to the newsgroups and look for help.
Any ideas... or any other insights? JJ IP: Logged |
|
Josh1 Administrator |
posted August 24, 2006 02:06 PM
Did avast find anything yet? ------------------ Powered by Intelligent Computing Solutions. For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged |
|
jonnyj Member |
posted August 24, 2006 02:33 AM
Stinger didn't find any viruses. i've already ran several other scanners... the full load recommended at major geeks, and found nothing i'll run avast now but it'll take 30 hours + IP: Logged |
|
jonnyj Member |
posted August 24, 2006 02:25 AM
I just found out, that within the RPC window, i can click "local service account" and the passworded account clears I'm running Stinger now, which supposedly will cover Blaster IP: Logged |
|
jonnyj Member |
posted August 24, 2006 01:35 AM
that is exactly what the error message said. I'll look for a virus scanner for Blaster.
The RPC error happened a week or more later tho. thanks for the lead... i'm going now to look for a blaster scanner... IP: Logged |
|
Josh1 Administrator |
posted August 22, 2006 04:05 PM
Your second computer, if it was never connected to the Network, or Internet, no wireless capabilities then it would only make logical sense that this account was made by Windows. What does event viewer say? Have a look a this “The RPC (Remote Procedure Call) was made famous in 2003 by the Blaster Worm virus, which used the protocol to initiate a shutdown of the Windows computer system, without the user's input. The only way to prevent this shutdown was to quickly access the window services snap-in, and disable the ability of RPC to shutdown the computer. This worm caused widespread chaos in the Windows XP community when it was released.” But if you have updated this PC with all the XP updates then you should not get this problem. Now if you have not then it is possible that this exploit could have exposed your system, to all kinds of things. When you run mmc, are you running it as Administrator? But after reading this again that you wrote “Then a Windows window popped-up saying that my "remote procedure call" was unexpectedly terminated, and i would be forced to restart in 1 minute” this looks like the work of the Blaster virus. Have a read at these http://www.footslog.com/board/Forum18/HTML/000149.html This error message that Blaster gives “The Remote Procedure Call (RPC) service terminated unexpectedly. The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM.” Is similar to yours http://support.microsoft.com/?kbid=826955 http://www.footslog.com/board/Forum18/HTML/000290.html You are welcome for the help ------------------ Powered by Intelligent Computing Solutions. For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged |
|
jonnyj Member |
posted August 22, 2006 04:45 AM
I should say again and make it clear... I really don't know if there was an account in RPC before... i never looked at it. So if it's a normal part of XP installing itself (I did the install myself, alone), then it seems fine. my first concern is if anybody hacked to get control of my system... and if not, then just to figure out if i want to disable that account, if i'm even able to thanks for your help.. :-) IP: Logged |
|
jonnyj Member |
posted August 22, 2006 04:42 AM
the computer wouldn't let me finish the 'add/remove snap-in' procedure. It said I could only access the account from User Accounts. This issue is happening to both my computers. My one computer has been online, and it's very possible for someone to hack it. It is behind a router and has almost every protection trick i've read about.. but it's still possible. But my second computer had never been connected to anything. I bought the motherboard, and assembled it and attached it to monitors. And i live with only 1 other person and she would have no interest or idea how to even turn the computer on... i'm sure she didn't add any account or connect it to the net. It seems that the only way a RPC account could get on that computer, is if it happened automatically as a part of installing XP. I have never looked at this RPC before, so i have no idea if all computers have an account there, or what. Is it common to have a RPC account set up automatically on it's own? Do you have any other ideas? thanks, this is either a normal, or very odd situation. i'm glad i'm not alone in trying to figure it out IP: Logged |
|
Josh1 Administrator |
posted August 16, 2006 04:02 PM
Well the only time Windows will create an account in when you setup windows or add an account. To have an account just created from no where I don’t think that is possible. But because this machine has never been attached to any kind of network, is even stranger. Were you able to find anything in event viewer? ------------------ Powered by Intelligent Computing Solutions. For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged |
|
jonnyj Member |
posted August 15, 2006 07:34 PM
thanks... Well, my second computer has never been attached to the internet or any network. It has also never even been plugged into a modem or router, and has no wireless nic installed. And I am the only person who ever used it, I am sure of these. So it seems like the account and password has to be done by windows itself, since I didn't create them. what do you think? makes sense? IP: Logged |
|
Josh1 Administrator |
posted August 15, 2006 04:26 PM
Run a hijack this scan; are you able to delete the account? This may be a long shot, but if you go to control panel then administrative tools and event viewer you may be find out when and what time this new account was created. You should be able to delete that account, To find more info about this account, go to start run then type in mmc then go to file add remove snap in, then go to add then go to local users and groups, then click add then close that dialog box out, then click ok on the bottom one, now you can see all the users and accounts on your machine. Go to users double click on the user and then all your options are there. You can save that console, and you can also add other snaps in through the same method. Is it possible that someone added themselves as a user and can access remotely your machine? I have never heard of this but it could be possible. ------------------ Powered by Intelligent Computing Solutions. For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged |
|
jonnyj Member |
posted August 15, 2006 04:11 PM
My CPU usage is fine. What I was concerned about is the RPC account with a password, that I didn't create. Since the same account and password length is on my second computer (which has never connected to the net or a lan), I'm figuring that the account and password was not created by any hacking or spyware.. JJ "I don't know what your destiny will be, but one thing I do know: the only ones among you who will be really happy are those who have sought and found how to serve." IP: Logged |
|
Josh1 Administrator |
posted August 15, 2006 02:56 PM
Well if you go here you find out what a RPC is,http://en.wikipedia.org/wiki/Remote_procedure_call is that what is eating your CPU usage up? Do you have Process Explorer? ------------------ Powered by Intelligent Computing Solutions. For every problem, there is a solution. Please give what you can to the Hurricane relief [This message has been edited by Josh1 (edited August 15, 2006).] IP: Logged |
|
jonnyj Member |
posted August 13, 2006 04:29 PM
thank you... i can log on the computer the service is "remote procedure call" (RPC) I checked my 2nd computer, which has never connected to the internet or a network, and that also has an account for the RPC. And I never created one on it. I'm thinking that that RPC account is possibly set up automatically by windows or a device. Does that sound likely? I ran a slew of scanners, adaware, spybot, ewido, kill2me, vundofix, CWCleaner, and they didn't find anything. IP: Logged |
|
Josh1 Administrator |
posted August 13, 2006 04:21 PM
Are you able to log on your PC? If you can log on as Admin, then go to use r accounts and delete that account, you may need to go into safe mode. Do you know the name of this service? You will also want to make sure you run a virus scan and Spyware scan, also post a hijack this log. ------------------ Powered by Intelligent Computing Solutions. For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged |
|
jonnyj Member |
posted August 12, 2006 06:43 PM
I was on the greenpeace forum, the first time after just registering. Then a Windows window popped-up saying that my "remote procedure call" was unexpectedly terminated, and i would be forced to restart in 1 minute. The computer restarted, and I immediately went to the RPC setting in Services. I noticed that there is an account within it, and a password... and I have created neither. The password is too long to be any password I use for windows or administrative purposes on this computer, or my router. And I am unable to change the settings. I would like to stop this service, and I don't feel safe knowing it somehow was started and there is a password on an account that i never created (and nobody else uses my computer)
IP: Logged |
All times are CT (US) | next newest topic | next oldest topic |
  |
|
Contact Us | Footslog Home
The information presented on FootsloG.com is copyrighted as a collective work. FootsloG.com is free for personal use (non-commercial). Any other use FootsloG.com, including copying or reproducing any portion of this web site is strictly prohibited without the express written consent of FootsloG.com. If you have any questions about the usage term please contact us via email: webmaster@footslog.com.