[AccessD] martin's problem - SOLUTON

Steven W. Erbach serbach at new.rr.com
Tue Aug 12 16:57:56 CDT 2003 

Dear Group,

>> This link point's to Symnatec's fix for the worm. Look for "Removal using
the W32.Blaster.Worm Removal Tool" to locate the link to the fix file. <<

For what it's worth, I went to a client's site to eradicate the Blaster
Worm. SHEESH! It's a Win XP Home system that has not been updated to the
most recent Windows update since they bought it about two years ago. It has
Norton AntiVirus 2003 on it, but, of course, the last time they did a virus
update was last week. They have no firewall.

I was able to download the Symantec "fix" while in normal Windows, but I had
to run the program in Safe Mode since the RPC error / Shutdown message
appeared every time I tried to run the fix. So far so good.

I thought that I'd try to go to the Windows Update site. It showed that this
PC, of course, hadn't ever been updated, so there were 34 critical updates
to make. Started the first one...RPC error / Shutdown.

Okay, lets update Norton AntiVirus. Did that, but I still got the RPC error.
Shutdown.

Started up in Safe Mode and ran a full Norton AV System Scan. 114,000 files
later there were no viruses present.

Restarted in normal Windows and went to the Windows Update site. Norton
displayed its W32.Blaster.Worm detection screen and said that it had been
deleted...but a minute or two later the RPC error appeared again anyway and
I had to shut the system down and restart.

I tried this Windows Update thingy a few more times. There were a couple of
times after the Norton AV message appeared indicating that, once again, it
had deleted Blaster.Worm, a Windows message appeared indicating that the
Generic Host Process for Win32 Services had encountered a problem and needed
to close. Right after that the RPC / Shutdown error appeared. Restart.

I finally got wise that Windows REALLY needed to have the MS KB823980 patch
applied. I hadn't tried that right away because I thought that Windows had
to be updated to the most recent level first. I tried to run the file from
the Microsoft site rather than saving to disk and got both the Generic Host
Process error and the RPC error. Shutdown and restart.

I got even MORE wise and restarted in Safe Mode With Network capability. I
downloaded the patch all right...but instead of applying it I thought I'd
try the Windows update again. RPC. Shutdown.

Restarted in Safe Mode with Network. Started the patch. RPC / Shutdown.

Restared in Safe Mode WITHOUT the network. Ran the patch. COMPLETED!

Restarted in Safe Mode WITH Networking to try Windows Update again. Finally
the PC began downloading the huge number of pieces that it needed to upgrade
Win XP to the current revision. I left my client's office about 4 hours
after I'd arrived, giving them instructions to call when the downloads were
completed. I should be able to walk them through the Windows Update process
tonight.

They have DSL but it was god-awful slow. 95 MB download estimated at about
200 minutes...more than 10 times slower than my cable service would take.

So, the upshot is, if the PC hasn't been updated to the most recent version
of XP lately (or at all) make sure that you download and run everything in
Safe Mode...and make sure to run the MS patch in Safe Mode WITHOUT
networking. I must have seen that RPC shutdown thing two dozen times or
more, and the General Host Process error 8 or 9 times.

It's now looking good, but we're not finished upgrading Windows XP yet. I'm
crossing my fingers that the guy on the other end of the phone is somewhat
proficient. Crossing my fingers.

Steve Erbach
Scientific Marketing
Neenah, WI

"Eventually, socialists run out of other people's money."
-- Lady Margaret Thatcher

More information about the AccessD mailing list