How to Fix the RPC Virusby M. Alanna White
The RPC, or Remote Procedure Call virus, also referred to as the MSBLAST.EXE worm virus, gains access to your computer or network by attacking Windows vulnerabilities. The most common vulnerability attacked is the Windows DCOM RCP, in cases where users have neglected to install the security patch. Unless removed, this worm virus begins a DoS, or Denial of Service attack, which will shut down your computer and possibly your entire network.
Unplug the Ethernet cables connecting the infected computer to the Internet. Wait for the computer's Internet connection to completely shut down.
Close all programs that are running on this computer. Press CTRL+ALT+DELETE to start the Windows Task Manager. Click "Allow" on the permissions dialog box, if you are running Windows XP.
Click the Processes Tab located at the top of the Task Manager dialog box. Scroll through the list of processes to locate any and all of these processes: "PENIS32.EXE," "TEEKIDS.EXE," "MSBLAST.EXE," "MSLAUGH.EXE," "ENBIEI.EXE" and "MSPATCH.EXE." Select each files you located, one at a time. After selecting a file, select "End Process." Quit the Task Manager.
From the Start menu, click "Accessories." Click "Run." Type "Regedit" in the text box provided, and press ENTER. Locate the Registry file listed as "HKEY_LOCAL_MACHINE" at the left of the screen. Click this file. Locate all EXE formatted files listed in Step 3. Right-click each found file and then press DELETE. Exit the Registry.
Click "Backup and Restore Center," click "System Restore," and then click "Off." From the Start menu, click "Search." Click "Files or Folders." Type "msblast*.*" (without quotation marks) in text box provided. Click "Search Now." Delete all files listed in Step 3 that are displayed then exit search. Open the "Recycle Bin." Click "Empty." Close the Recycle Bin. This will ensure that all files stored within your previous System Restore associated with the RPC virus will not reinstall on your computer. Return to "System Restore" and click "On."
Reconnect your Internet connection. Download and install the newest security patches for your version of Windows from the Microsoft website. The security patches will block all known ports attacked by the RCP virus. Restart your computer. Download and install all updates for your antivirus software. Allow your antivirus software to rescan your computer.