TDS-3 and internet problems.

Discussion in 'Trojan Defence Suite' started by Tonym, Aug 12, 2003.

Thread Status:
Not open for further replies.
  1. Tonym

    Tonym Guest

    Hi,
    I am trying out TDS-3 after a recommendation. It has worked well until yesterday (11/08/03) when I downloaded an update. Now each time I connect to the internet I get a message that the "Generic Host Process of win32 has encountered a problem......", then another box appears with "Remote Procedure Call" (RPC) and a timer that counts down to zero, when the whole system closes and restarts. Problem with the download or could it be a fault elsewhere? Help!
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Hi Tonym,

    Actually the timing on this problem is just a coincidence. The problem is not related to updating TDS. There is a brand new malicious worm sweeping across the Internet that is connecting to people's RPC port (TCP port 135) if they don't have a firewall protecting their systems, and it is causing the failure of RPC (crashing the Generic Host Process) which leads to the 60 second shutdown warnings, bringing down people's systems...

    This thread has a lot of technical information on this worm and how it has just escalated:

    https://www.wilderssecurity.com/showthread.php?t=11991

    But, even if you aren't interested in that, simply put there are two things you need to do to address this. First, if you could install a software firewall, (something like Zone Alarm or any other), it would block any new incoming attempts against your system. And secondly, you need to go to Microsoft's Windows Update and get all the latest patches. This new RPC vulnerability is wreaking havoc all over the Internet right now because people don't have either firewalls or the current patches.

    If this exploit has caused a worm to be deposited on your system, you need to update your AV product with the latest virus definitions, (almost all AV vendors have put out special updates in the last 24 hours for this), and scan your whole system.

    One sign that you do have this particular worm infection is the presence of this auto-startup key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows auto update" = "msblast.exe"
     
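A check for the auto-startup entry quoted in the post above, as an added example that is not part of the original thread: it scans the text of a registry export (.reg) for a string value under that Run key whose command resolves to msblast.exe. Matching any value name and ignoring case and path goes beyond the single entry quoted; the function name and the sample export are constructed for illustration.

```python
import re

# Key and file name from the post above; everything else here is illustrative.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
INDICATOR_FILE = "msblast.exe"

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="data" string values; .reg files escape \ and " with a backslash.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*"(?P<data>(?:[^"\\]|\\.)*)"$')
# Executable part of a command line: a quoted path or the first token.
EXE_RE = re.compile(r'\s*(?:"([^"]+)"|(\S+))')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def find_run_key_hits(reg_text):
    """Return (value_name, command) pairs under the Run key that launch msblast.exe."""
    hits, current_key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current_key = section.group("key").lower()
            continue
        if current_key != RUN_KEY.lower():
            continue  # only the key named in the post is inspected
        value = VALUE_RE.match(line)
        if not value:
            continue  # blank lines, comments, dword/hex values
        command = _unescape(value.group("data"))
        exe = EXE_RE.match(command)
        if not exe:
            continue
        path = exe.group(1) or exe.group(2)
        # Compare the file name only, so a full path or other casing still matches.
        if re.split(r"[\\/]", path)[-1].lower() == INDICATOR_FILE:
            hits.append((_unescape(value.group("name")), command))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows auto update"="msblast.exe"
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"
'''

if __name__ == "__main__":
    for name, command in find_run_key_hits(SAMPLE_EXPORT):
        print(f"Run key value {name!r} launches {command!r}")
```

Exports saved by regedit in the "Version 5.00" format are UTF-16, so decode the file with that encoding before passing its text to the function.
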
  3. Tonym

    Tonym Guest

    Hi LowWaterMark,

    Thanks for your very quick reply. I will try your suggested solutions when I get back to my home PC. Also, thanks for the link to the thread about the wider problem itself.
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If you like to try out WormGuard at the same time, add that msblast.exe to the blocked file list.
    I'm bombarded with TCP 135 portscans on my firewall.
    There is additional advice to at least block ports 69, 135, 4444 for incoming and outbound traffic; 137 and 139 you probably had already blocked all on highest security.
    And keep scanning on your system, every day updated, every scan option checked and on highest sensitivity and maybe not a bad idea to do those Full System Scans on a daily basis (take a moment when you are away from the system so you're not bothered by it :) )
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    If your PC tries to shut down like this, click START | RUN and type

    shutdown -a

    Press OK! I hope more users are spreading the word that you can do this, then grab the patch without letting it reboot :)
     