Steven W. Erbach
serbach at new.rr.com
Tue Aug 12 16:57:56 CDT 2003
Dear Group, >> This link point's to Symnatec's fix for the worm. Look for "Removal using the W32.Blaster.Worm Removal Tool" to locate the link to the fix file. << For what it's worth, I went to a client's site to eradicate the Blaster Worm. SHEESH! It's a Win XP Home system that has not been updated to the most recent Windows update since they bought it about two years ago. It has Norton AntiVirus 2003 on it, but, of course, the last time they did a virus update was last week. They have no firewall. I was able to download the Symantec "fix" while in normal Windows, but I had to run the program in Safe Mode since the RPC error / Shutdown message appeared every time I tried to run the fix. So far so good. I thought that I'd try to go to the Windows Update site. It showed that this PC, of course, hadn't ever been updated, so there were 34 critical updates to make. Started the first one...RPC error / Shutdown. Okay, lets update Norton AntiVirus. Did that, but I still got the RPC error. Shutdown. Started up in Safe Mode and ran a full Norton AV System Scan. 114,000 files later there were no viruses present. Restarted in normal Windows and went to the Windows Update site. Norton displayed its W32.Blaster.Worm detection screen and said that it had been deleted...but a minute or two later the RPC error appeared again anyway and I had to shut the system down and restart. I tried this Windows Update thingy a few more times. There were a couple of times after the Norton AV message appeared indicating that, once again, it had deleted Blaster.Worm, a Windows message appeared indicating that the Generic Host Process for Win32 Services had encountered a problem and needed to close. Right after that the RPC / Shutdown error appeared. Restart. I finally got wise that Windows REALLY needed to have the MS KB823980 patch applied. I hadn't tried that right away because I thought that Windows had to be updated to the most recent level first. I tried to run the file from the Microsoft site rather than saving to disk and got both the Generic Host Process error and the RPC error. Shutdown and restart. I got even MORE wise and restarted in Safe Mode With Network capability. I downloaded the patch all right...but instead of applying it I thought I'd try the Windows update again. RPC. Shutdown. Restarted in Safe Mode with Network. Started the patch. RPC / Shutdown. Restared in Safe Mode WITHOUT the network. Ran the patch. COMPLETED! Restarted in Safe Mode WITH Networking to try Windows Update again. Finally the PC began downloading the huge number of pieces that it needed to upgrade Win XP to the current revision. I left my client's office about 4 hours after I'd arrived, giving them instructions to call when the downloads were completed. I should be able to walk them through the Windows Update process tonight. They have DSL but it was god-awful slow. 95 MB download estimated at about 200 minutes...more than 10 times slower than my cable service would take. So, the upshot is, if the PC hasn't been updated to the most recent version of XP lately (or at all) make sure that you download and run everything in Safe Mode...and make sure to run the MS patch in Safe Mode WITHOUT networking. I must have seen that RPC shutdown thing two dozen times or more, and the General Host Process error 8 or 9 times. It's now looking good, but we're not finished upgrading Windows XP yet. I'm crossing my fingers that the guy on the other end of the phone is somewhat proficient. Crossing my fingers. Steve Erbach Scientific Marketing Neenah, WI "Eventually, socialists run out of other people's money." -- Lady Margaret Thatcher