Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rpc And Rpc (locator) Disabled


  • Please log in to reply
3 replies to this topic

#1 narik

narik

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 13 December 2005 - 01:26 PM

Hello,
Let me start by saying I'm walking into this issue(s) in the middle. I've been asked to fix the fix that was supposed to fix that fix that broke that fix....LOL.
Lets see I have never had an issue(s) like this before and I'm new to BC.
I will start by giving the history, as I know it. Early last week AVG found a Trojan horse, startpage19.AO. The boss (person who has the Trojan) called a staff member to remove it. That person downloaded many (way more than 15, holy crap I know) virus scanner software app's and many (approx 10) spyware scanners. Most of the app's are the type of scan for free but fix for cash type. But that person uses these types of programs to find the issue then, get ready for this one, goes to the registry and pokes around until something works or breaks to the point where things are really messed up.

So as I'm sure you have figured out things are really messed up.

I have several issues here that I truthfully have never had all at the same time and I not what one would call a windows 2000 pro.

OK letís see. IE still opens to the about:blank. So I think this PC is still loaded with "bug" problems.

But this is the part that scares me a bit. The RPC and PRC (Locator) are disabled this was done by the staff member and when I try to view the properties of them or ANY service nothing happens.
So I being that I was no starting on a clean boot I figured OK go back to square one and start fresh.
Well when I tried to close the Services window, I get a really get little message box telling me to close all Property windows.

So that brings me to my first question. Where are the Property windows?
So I did the reboot. And the same thing happened again. I was sure that a reboot wasn't going to fix this. Oh and I'm logged in as admin.
So now figure what the heck, lets check the system32 folder. And when I get there I can get a count of the number of files in the system32 folder but cannot see a thing.

Now I have an OH CRAP moment.

Then I walk away and the boss wants to print an excel sheet and word doc. And the office suite craps out. I'm guessing that has everything to do with the RPC services being disabled. Am I right on that one?

So as you can see I have a few issues here. This is the bossís PC and he REALLY wants it fixed ASAP!!!

If anyone can help me in anyway I would be most grateful.

BC AdBot (Login to Remove)

 


m

#2 spiritcloud

spiritcloud

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 13 December 2005 - 08:50 PM

Well, you need that RPC going.

Can you start it this way:
In the Services window, select the RPC service(single click only), then in the top menu go to Action, All Tasks>, Start.

That should be a way to start the service without going to the properties.

It's hard to know which other things are malfunctioning due to RPC being off.
Nobility is not a birthright--it is a way of life.

#3 narik

narik
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 14 December 2005 - 09:57 AM

I tried that but the "VCR" button controls are not enabled. AVG did another scan and found a trojan downloader.generic.lwg.
I am still running scans with ad-aware and avg. They are coming up with nothing so that kind of makes me feel better. LOL

I'm very concerned in my newest discovery, none of the microsoft office applications (word, excel, ect ect) are working. The network settings are gone, All installed printers are gone, The search functionality is gone, just to name a few other things. Basicly the default windows stuff.

AHHHHHHHHHHHHHHHHHH!!!

I'm not sure which way to turn. :thumbsup:

I'm a bit worried that so many default microsoft app's are failing.

I have found out a bit more history of what was done before I got involved.

The below forum was used
http://www.geekstogo.com/forum/index.php?act=ST&f=37&t=49137

As far as I know the person got as far as instruction #5 or #6. Basicly the killbox program would not run because the rpc was disabled. I'm thinking this is the root of the issues.

What I would like to know is, is there a way to start the service out side the GUI?

Any help would be great.

I'm really at a loss here.

Edited by narik, 14 December 2005 - 10:56 AM.


#4 spiritcloud

spiritcloud

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 14 December 2005 - 06:41 PM

I wish I was more of a guru on this sort of thing. If any users out there are more advanced, please jump in and help!

That said...lol.

I can't find any info anywhere about that specific Trojan. That is one thing I don't like about AVG--if it finds a virus, it should have info about it on their own web site!

Let's make sure we are in the same place to begin with. Start>Run, then type in services.msc and click ok or hit enter. That brings up the Services window. OK. Now youa re saying in that location, the buttons aren't available, correct? Can you access the pull-down menus at the top?(File Action View Help) Select the RCP service in the list, then in the drop down menus: Action> All Tasks> Start.

I am not sure if there is a way to start a specific service via text command, like a DOS prompt. You might look into the possibility of an .exe file for it.

As for the Microsoft Apps. Maybe you could try reinstalling Office. Also maybe you can go to Add/Remove Programs and see if you can remove certain Windows components that are malfunctioning and then add them back. You'll probably need the Windows cd.

I would also remove all or most of the MANY programs the other guy installed if you haven't already. Especially the pay-to-remove ones.

I would recommend one program you may want to try(perhaps after getting the RPC started). It is called Spy Sweeper. It costs money, but there is a free 14 day trial that will actually remove the stuff found. This program found and removed stuff for my wife that nothing else would.

I'm sorry I am not more help. I a definitely not a specialist on this or anything. I just love PCs and delving into their mysteries. Self-taught and all that.

Good luck! And don't give up on this forum. Maybe someone who knows more will jump in here. heh
Nobility is not a birthright--it is a way of life.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users