xisto Community

Posts posted by dexter


  1. I just did a quick Google and it came up with this as an answer...

    NT Authority\System RPC Exploit Worm

    Here's the text:

    By: Borrow -A- Geek @ ozzu.com

    This is an important notice. As some of you may know, I work tech support for a cable internet provider. Today was a living hell here at work, because literally tens of thousands of people flooded the call center with this worm that has unleashed its fury on ALL versions of Windows, mostly Windows XP and Windows 2000.

    I was hit by this thing and it was a *BLEEP* to remove. (I didn't remove it; my girlfriend actually did while I was stuck at work (yup, she is a guru like me, lol)) but it got taken care of. Look for a post below real soon for the removal instructions.

    Symptoms:

    You get a Windows message that says:

    System Shutdown:
    This System is Shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by the NT AUTHORITY\SYSTEM

    TIME BEFORE SHUTDOWN 00:00:60

    Message:
    Windows must now be restarted because the Remote Procedure Call (RPC) service. terminated unexpectedly

    Technical Details

    The Remote Procedure Call (RPC) protocol on the Windows operating systems provides a mechanism for a program running on one machine to execute code on another machine. Windows uses the Distributed Component Object Model (DCOM) to help manage communications of Windows components over a network, typically (but not always) the TCP/IP networks used in most environments. The DCOM interface to RPC accepts network connections on TCP port 135, and fails to validate message inputs during the instantiation of DCOM objects. By sending an appropriately malformed RPC message, an attacker can cause a vulnerable machine to execute arbitrary code within the security context of the RPC service, typically the SYSTEM context [1,2].

    The researchers who discovered the vulnerability were able to create proof of concept exploits for Windows 2000/XP (running SP4 and SP1 respectively). They were also able to bypass the buffer overflow protections included as part of Windows 2003, and gain SYSTEM privileges there as well.

    The vulnerable components of the Windows operating system are installed by default on all versions of Windows, and cannot be disabled without crippling a number of core Windows components.

    References:

    http://www.microsoft.com/err/technet/security/

    http://forums.xisto.com/no_longer_exists/

    http://forums.xisto.com/no_longer_exists/

    Finding and identifying the problem:

    Go and get the patch from here, choose the right version for your system. If you don't know whether your system is "32 bit" or "64 bit" then it's 32 bit.
    https://support.microsoft.com/en-us/kb/823980

    Next, check your system for unusual processes that may be running. In particular, watch out for:
    (NOTE, THIS LIST IS NOT EXCLUSIVE, KEEP AN EYE OUT FOR ANY UNUSUAL ACTIVITY)
    MSBlast.exe
    rpc.exe
    rpctest.exe
    dcomx.exe
    lolx.exe
    worm.exe

    Scan with an up-to-date virus scanner to help with removal of nasties that might be left on your system.
    Next, visit http://windowsupdate.microsoft.com/windowsupdate/v6/default.aspx and grab hold of all critical updates. Yes, all of them. Try to make a habit of doing this on a regular basis. Note that critical updates are mentioned, not the standard updates. Critical updates usually fix exploits to your computer that can cause problems by hackers or viruses.
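As an added example (not code from the post above or from the quoted ozzu.com write-up), here is a small Python checker that applies the post's two identification hints to data you can collect from a machine: it reads the output of `tasklist /FO CSV` and flags the process names listed above (case-insensitively), and it recognises the wording of the forced-shutdown dialog. The tasklist rows and dialog text below are constructed samples, not captured from an infected system.

```python
import csv
import io
import re

# Process names called out in the post, compared case-insensitively because
# a dropped binary may be named with any capitalisation.
SUSPICIOUS_IMAGES = {
    "msblast.exe", "rpc.exe", "rpctest.exe", "dcomx.exe", "lolx.exe", "worm.exe",
}

# Wording of the forced-reboot dialog quoted in the post (tolerates the stray
# punctuation and line breaks seen in transcriptions of that dialog).
SHUTDOWN_PATTERN = re.compile(
    r"initiated by (the )?NT AUTHORITY\\SYSTEM.*?"
    r"Remote Procedure Call \(RPC\) service.{0,3}terminated unexpectedly",
    re.IGNORECASE | re.DOTALL,
)

def flag_processes(tasklist_csv):
    """Return (Image Name, PID) pairs from `tasklist /FO CSV` text that are on the watch list."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name = (row.get("Image Name") or "").strip().lower()
        if name in SUSPICIOUS_IMAGES:
            hits.append((row["Image Name"], row["PID"]))
    return hits

def is_rpc_shutdown_notice(text):
    """True if the text carries the NT AUTHORITY\\SYSTEM / RPC-crash shutdown wording."""
    return SHUTDOWN_PATTERN.search(text) is not None

# Constructed sample input in the layout produced by `tasklist /FO CSV`.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","16 K"
"svchost.exe","812","Console","0","3,180 K"
"MSBLAST.EXE","1432","Console","0","1,548 K"
"explorer.exe","1508","Console","0","12,004 K"
"rpctest.exe","1600","Console","0","920 K"
'''

# Constructed sample of the dialog text as a user might paste it into a ticket.
SAMPLE_DIALOG = (
    "This System is Shutting down. Please save all work in progress and log off. "
    "This shutdown was initiated by the NT AUTHORITY\\SYSTEM\n"
    "Windows must now be restarted because the Remote Procedure Call (RPC) "
    "service. terminated unexpectedly"
)

if __name__ == "__main__":
    for image, pid in flag_processes(SAMPLE_TASKLIST):
        print(f"suspicious process {image} (PID {pid})")
    print("RPC shutdown notice seen:", is_rpc_shutdown_notice(SAMPLE_DIALOG))
```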

     


  2. I think you should spin off a little thread for the looping processes, so you can shut it down when you want it to.

     

    This is probably going to sound vague but hopefully sets you off in the right direction, or at least sparks some ideas.

    e.g. - Oh, and this isn't using CWinThread::CreateThread, but ::CreateThread.

    [code=auto:0]
    // spin the looping work off into its own thread and keep its handle
    HANDLE loopThreadHandle = ::CreateThread(NULL, 0, loopFunction,
                                             (void*)param, 0, NULL);
    [/code]

    Now, when onStop() is called, you can have somewhere inside...

    [code=auto:0]
    CloseHandle(loopThreadHandle);
    [/code]

    I can't be sure how you'd pass all your values around, but I'm sure if you bundled it up in a class properly, it could work.

    The other option is creating a class derived from CWinThread that has all the looping in it... I could be wrong though, only having briefly touched on MFC.


  3. I've just started into assembly, and the particular course I'm doing is using the Intel style syntax. Anyway, I'm looking for a few decent sites that have a good side-by-side comparison of the Intel and AT&T styles. So far, my googling has only come up with sites telling me why one is better than the other. *rolls eyes*

    And as a side note, I really want to know why this forum is a Delphi/Assembly forum, when Pascal is a high-level language...? (Or are Delphi Pascal and Turbo Pascal two different things and I'm just being stupid?)


  4. Actually, starting up and shutting down your system a lot is much the same as starting and stopping your car engine a lot... the starter burns out faster. Once warmed up, it's better for the electronics to stay that way. Anyway, your computer won't die if you leave it on all the time. And if you're worried about it starting fires, you'll find that most systems have a BIOS setting that allows you to have it shut down if it hits a certain temperature in the case/processor. Worried about power? Use the power settings. Set it so the monitor turns itself off after half an hour, and the sleep function can put your PC into a low power mode without having the machine shut down.


  5. It depends on my purpose with using the software. I buy most stuff, especially if I use it a lot. But, if I'm using it for what I see as "educational" projects or for university courses, I don't see the point in paying $200 dollars for a package that will most likely only be used for a few weeks. Although, I do try alternatives first, though... open source, etc... If for some reason I did make any money from it, then I would feel compelled to go and pay for the package that earned me the money. That's how I feel about the whole thing.


  6. Great job copying and pasting. I hope you burned some calories. Anyway, to add something to this topic. I was under the impression that as a measure to stop that, every account had a limited amount of resources allocated, including the amount of new processes. I'm still working out some of the finer admin abilities of *NIX; is there any way to limit the amount of threads a user may have at once manually?


  7. "She's never going back to that school," Akins said. "They set my baby up."

    Interesting. I was under the impression that she:

    ..she threw books and boxes, kicked a teacher in the shins, smashed a candy dish, hit an assistant principal in the stomach and drew on the walls.

    Set her up? They took her jellybeans away and she threw a tantrum... I think that's a good wake up call putting the cuffs on her. Spoilt little brat.

  8. The stock market is a lot more than speculation. Actually it's a statistical anomaly. Believe it or not, it follows certain patterns. If one is able to look at the rules, combine them with the current news and the way other people are reacting on the stock market, it's possible to make good trades most of the time. It's like anything. You do your research and stick to your plan, you come out ok (mostly); you ignore them, it bites you in the *bottom*.


  9. Heck, because all old games used Real mode to get the most out of the system. Actually, I really don't even know why I tried to run it in Windows... but I'm truly glad I did. That's the funniest thing I've ever seen in my life. I was running it to try and work out what was missing because 'exult' on Linux was reporting a missing directory, and I was seeing whether the game actually needed that directory to run. I think the directory was GAMEDATA... and there was a file in there it needed, but with the copy of U7 I've got, that folder doesn't exist... strange.


  10. Soooo, you want to know if it has 5 digits... why not just test the bounds of a 5 digit number... 10000 - 99999....? It all depends on what the input can be, though. Can it be 02180, or does it have to be an actual 5 digit number? If it is the latter, then the very first thing I said applies to your case.


  11. Until every game package has both the ability to be run on Linux and Windows with little to no fiddling, will be the day I use primarily Linux. But, there are too few games that support Linux (kudos to the Bioware crew for making NWN Linux-compatible, though). Add to the fact that ATi make terrible drivers for Linux (I was running a game that required 3D rendering and it ran extremely choppy). Heh, I saw some laughable comments previously to the tune of, "Windows is suckful 'cause it has viruses taking memory, and crashes... etc, etc..." ANY OS will suck if you don't know what processes you have running in the background. And to alexia's comment, it doesn't matter what operating system you use; the same program will generally, if not always, have the same memory and CPU requirements. Though XP -does- have a bigger footprint than other OS's, it is not a bad OS for running games (best one I've ever used for gaming, if you ask me). Anyway, that's my 2 cents. :angry:


  12. If you want to be getting bang for buck, then ATi is a whole lot better. On the other hand, ATi drivers don't support OpenGL that well, and their linux drivers are very poor, too. That said, I still love my Radeon stuff, and probably would never buy an NVidia card unless it was shown to perform a whole lot better.


  13. although, DEBIAN is good and very stable (plus, one of the oldest Linux distros), but considering that it takes 7 CDs to install, that's huge. Another thing; RPM is much better than dpkg (.DEB) since it's simple to use. That's why APT was invented. There's even APT4RPM. DEBIAN also has RPM support on their distro since there are drivers that are RPM ONLY.

    xboxrulz

    Sure, you can use 7 CDs... I've currently got the first four, and haven't needed the later ones yet... (considering the earlier CDs have the more common, and the last ones have the more obscure).

    I have to say, I've even tried dpkg and found it so much simpler to use than rpm. I was lucky if I ever got rpm to work like it was supposed to. Could just be me, though.


  14. Seems interesting, I wouldn't mind trying out Suse. Eep! xboxrulz... I can't believe I just heard that from you, seeing as you are usually leading some sort of pro-Linux rally on here... :angry:. Have to agree there, though. I can still do anything that Linux does in Windows with Cygwin (otherwise there is usually a Windows port of it), so having a dual boot system became rather pointless. (And I was running out of space.) On Cedega and Wine... you would pay $5 a month to play games you've already paid for? Crazy. You've managed to get Wine to work with no fiddling? Incredible. I spent weeks trying to get Starcraft to run on Wine; I eventually gave in and put Win98 on instead. (Though, that system now has Debian, since Win98 somehow corrupted its bootup, and I couldn't be bothered to fix it...)
