TDS-3 and internet problems.

Discussion in 'Trojan Defence Suite' started by Tonym, Aug 12, 2003.

Thread Status:
Not open for further replies.
  1. Tonym

    Tonym Guest

    I am trying out TDS-3 after a recommendation. It has worked well until yesterday (11/08/03) when I downloaded an update. Now each time I connect to the internet I get a message that the "Generic Host Process of win32 has encountered a problem......", the another box appears with "Remote Procedure Call" (RPC) and a timer that counts down to zero when the whole system closes and restarts. Problem with the download or could it be a fault elsewhere? Help!
  2. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    Hi Tonym,

    Actually the timing on this problem is just a coincidence. The problem is not related to updating TDS. There is a brand new malicious worm sweeping across the Internet that is connecting to people's RPC port (TCP port 135) if they don't have a firewall protecting their systems, and it is causing the failure of RPC (crashing the Generic Host Process) which leads to the 60 second shutdown warnings, bringing down people's systems...

    This thread has a lot of technical information on this worm and how it has just escalated:

    But, even if you aren't interested in that, simply put there are two things you need to do to address this. First, if you could install a software firewall, (something like Zone Alarm or any other), it would block any new incoming attempts against your system. And secondly, you need to go to Microsoft's Windows Update and get all the latest patches. This new RPC vulnerability is wrecking havoc all over the Internet right now because people don't have either firewalls or the current patches.

    If this exploit has caused a worm to be deposited on your system, you need to update your AV product with the latest virus definitions, (almost all AV vendors have put out special updates in the last 24 hours for this), and scan your whole system.

    One sign that you do have this particular worm infection is the presence of this auto-startup key:

    "Windows auto update" = "msblast.exe"
  3. Tonym

    Tonym Guest

    Hi LowWaterMark,

    thanks for your very quick reply. I will try your suggested solutions when I get back to my home PC. also thanks for the link to the thread about the wider problem itself.
  4. Jooske

    Jooske Registered Member

    Feb 12, 2002
    Netherlands, EU near the sea
    If you like to try out WormGuard in the same time, add that msblast.exe to the blocked file list.
    I'm bombarded with TCP 135 portscans on my firewall.
    There is additional adviced at least block ports 69, 135, 4444 for incoming and outbound traffic, 137 and 139 you probably had already blocked all on highest security.
    And keep scanning on your system, every day updated, every scan option checked and on highest sensitivity and maybe not a bad idea to do those Full System Scans on a daily basis (take a moment when you are away from the system so you're not bothered by it :) )
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Feb 10, 2002
    Perth, Western Australia
    If your PC tries to shut down like this, click START | RUN and type

    shutdown -a

    Press OK ! I hope more users are spreading the word that you can do this then grab the patch without letting it reboot :)
Thread Status:
Not open for further replies.