Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help w/RPC


  • Please log in to reply
2 replies to this topic

#1 JHWKS4ME

JHWKS4ME

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 15 August 2009 - 06:22 PM

Hello,

I have been helped the past month or two with a malware problem that I've been experiencing. Blade helped me and I think my computer is OK now. However, I had noticed that my Automatic Updates hadn't been working, so I tried to run the program today and experienced an issue. I am copying and pasting the e-mail I sent to Blade below. He said it's out of his area of expertise and I should post a new topic here.

I don't know if this has anything to do with my (hopefully, former) virus issues, but I went to check my Microsoft Update this afternoon since it dawned on me that I hadn't seen an automatic update come through in a while. Well, I went to run it and it said that I was missing files that it needed to work. It attempted to re-install those files but always came back with the error code: 0x8007041D. I googled that code and found a solution from Microsoft stating to run "services.msc" and change my RPC log on from NT AUTHORITY\NetworkService (complete with password) to local system account. I rebooted and viola! my MS Update worked fine. In fact, my computer is currently in the process of installing the 18 High-Priority updates I had waiting for me.

My first question is could my automatic updates been turned off by a virus, specifically the one that I had? Second, I found out too late that I can't simply go back and reverse the change I made to the Remote Procedure Calling (RPC) log on setup. I would have to change a registry entry to do so and I couldn't tell from googling whether or not it is best to have the RPC set to log on as a local system account or the NT AUTHORITY\NetworkService. Do you have any idea? Third, if it is OK to keep it on the local system account setting, should I check the "Allow service to interact with desktop" box or leave it unchecked, as it is currently? Again, googling this gave mixed results.

Also, my computer and Internet are running slow right now (since the RPC change), but it's hard to say whether or not it's due to the installtion of the 18 updates. I will write back and let you know if my system is still slow after the installations complete and I restart my system. Thanks for any help you can give me with this.


To update the above e-mail, my computer is running pretty close to regular speed again after the updates installed and I restarted it. Thanks for any help you can give me.

P.S.-Blade said to provide a link to my malware topic with him, so here that is, as well.

http://www.bleepingcomputer.com/forums/t/237247/search-engine-google-bing-etc-link-redirect-problems/

BC AdBot (Login to Remove)

 


#2 JHWKS4ME

JHWKS4ME
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 19 August 2009 - 02:45 AM

Hello? Just wondering if anyone was going to respond to my topic. Thanks.

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,883 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:48 AM

Posted 19 August 2009 - 09:05 AM

<<My first question is could my automatic updates been turned off by a virus, specifically the one that I had?>>

Of course it's possible. One of the basic features of some malware items...is to disable key protective facets of the system. Windows Updates, AV protection, and other protective facets are always potential targets of malware, since most (if not all) malware items are in self-defense mode when they attack a system.

Additionally...the removal of malware items may also result in system files incurring damage. Thus, even though a given malware item may have been removed, the system remains in a crippled state (unknown to most users).

Troubleshooting these possibilities is practically impossible, although there are known attempted fixes for certain known follow-on effects. Which is why some of us recommend/suggest a repair install attempt after malware removal (to replace potentially damaged/missing system files).

If that fails to bring resolution, sometimes a clean install of XP is the only logical way to deal with situations resulting from malware.

On top of all this...Automatic Updates and WUS have their own share of problems which arise which may have nothing to do with malware. To get an idea of what these encompass...try using Google and type in "automatic updates problems" and take a quick glance.

<<I would have to change a registry entry to do so and I couldn't tell from googling whether or not it is best to have the RPC set to log on as a local system account or the NT AUTHORITY\NetworkService. Do you have any idea?>>

On my systems, RPC is automatic and is logged as as a Network Service.

<<Third, if it is OK to keep it on the local system account setting, should I check the "Allow service to interact with desktop" box or leave it unchecked, as it is currently?>>

My RPC is not logged on as a local system account. I think I would run sfc /scannow or do a repair install to correct that, if I were you...I don't know if it's meaningful, but I like things to be as they should.

If you elect to leave it logged on as a local system account, I would not check the option to allow service to interact, etc.

A little more reading indicates that the way to change the logon back to what it should be...is a registry edit. I suspect that a repair install will also do it, but a registry edit is easier and quicker.

Demystifying the Windows Registry - http://www.bleepingcomputer.com/tutorials/...l74.html#backup

Be advised that any registry edit is potentially problematical...and you should back up your registry before attempting such. A good tool for such is ERUNT Registry Backup Tool - http://www.snapfiles.com/get/erunt.html

Suggested fix: http://phorums.com.au/archive/index.php/t-224061.html Last post by Greg reflects his solution to his situation.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users