Patrickske: svchost/rpc crashes

It is probably the blaster or sasser worm. Most likely blaster, because of the rpcss.dll message there.

Try running Stinger-- it detects and removes both viruses, along with about 40 others :)

I doubt it is a virus, but I'm willing to scan my system for the 4th time. I don't have anything to lose ;-)

I'm scanning right now!

Try running Stinger-- it detects and removes both viruses, along with about 40 others :)

You might also want to check your system for spyware/adware/malware if you haven't already. Read through some of the posts in our Security forum for instructions on downloading and using a few of the useful (and free) detection/removal utilities:

Ad Aware
SpyBot
SpywareBlaster
HijackThis

So what are your results everything cool now or not?

Reply to alc6379: My system was clean, no virus found

Reply to DMR: I don't have any spyware installed, unless by some magical reason it got my system within 10 minutes. I had just installed my computer with Windows 2003 when the SVCHOST started to crash (and the computer started to reboot).

I changed the RPC-service settings for when it crashes. It no longer reboots now. Also I downloaded all updates from the M$ site.

I don't know if the service had crashed today, since I'm not home to log in and look at the event log.

I do know that the system is up and running the whole day now, but that's all I know at the moment.

Pat you have a legal copy of Win2K3 Server?

It is definitely the blaster or sasser worm. These are worms, not viruses that you have to download. Worms just run around in the net looking for vulnerable machine then sneak in, no install or download required. I installed Windows in a couple of systems and got the same error after being connected to the internet for only 10 minutes. Now, I always install a firewall and turn on Windows firewall before I put a system on the net. In addition, keep your system updated. If all you did was turn of your RPC then you still could be infected and are hosting the worm to the rest of the world, Thankz.

Pat you have a legal copy of Win2K3 Server?

Uhm... :o no...
btw.... I don't have any problems... it seems that the problems stopped after I installed updates.

It is definitely the blaster or sasser worm. These are worms, not viruses that you have to download. Worms just run around in the net looking for vulnerable machine then sneak in, no install or download required. I installed Windows in a couple of systems and got the same error after being connected to the internet for only 10 minutes. Now, I always install a firewall and turn on Windows firewall before I put a system on the net. In addition, keep your system updated. If all you did was turn of your RPC then you still could be infected and are hosting the worm to the rest of the world, Thankz.

Sasser is indeed a worm, but I don't think it was a worm. I tried the latest virus removal tools from symantec and mcaffee. Those tools should also kill the sasser worm, if it was on my system, but the tools didn't found anything.

I didn't turn off the RPC, I just configured in a way that it would not reboot when the service crashed.
I still should see an entry in the event-viewer when that service crashes, but my event-log is clean. (read: No wierd things)

Greets
Patrick

need help one on one please call me at 586-675-9000 cant get desktop items back or format.

Right on,your phone should be ringing now!:)

What a nice guy too bad nobody calls me ha I learned my lessons.