[惡意程式]Remote Procedure Call(RPC)意外終止倒數60秒重開 RRS feed

  • 一般討論

  • 注意!最近有具有類似疾風的惡意程式,會讓電腦出現"Remote Procedure Call(RPC)服務已經意外終止"並倒數60秒重新開機,請各位使用者注意若您的作業系統已經有進行更新,則有可能是病毒發作的徵兆,目前已知部分防毒軟體上無法偵測到此惡意程式。

    若防毒軟體能偵測,可能回報為:Trojan-Downloader.Win32.Agent.ahep、TROJ_AGENT.AIUO 名稱。



    0.當發生倒數訊息,請立即輸入 shutdown -a 嘗試中止關機程序。

    1.查看 Windows 安裝目錄下 system32 是否有 sprint.dll (例如: C:\Windows\System32\sprint.dll)

    2.刪除該檔案,重新開機後是否會重新產生,若會,有可能惡意程式已經將相關登錄檔植入您的電腦當中,請再次刪除 sprint.dll 以及找到電腦當中的 v2messen.exe 這兩個檔案,刪除這兩個檔案。


    *參考PTT AntiVirus 看板。





    2008年9月28日 下午 12:51


  • I also have the same problem since 26/9/08.
    My Trend Micro detected 2 Virus/Trojan files sprint.dll and A0013971.DLL and they have been removed.

    After restarted my computer last night, the file "sprint.dll" is back in system32 folder. I have tried to delete the file but everytime after restarting the machine, the file keeps coming back.

    I have tried to search for the v2messen.exe file but I couldn't find it anywhere in the hard drive.

    Does anyone have any suggest solution of how to stop the sprint.dll file being rebuilded?
    2008年9月29日 上午 05:37
  • HI:
    XP版本要一模一樣,包含Service Pack,如果沒有的話
    請放入你XP安裝光碟,這裡的XP光碟版本也是要一模一樣,包含Service Pack
    "開始"→"執行"→"cmd"→expand X:\I386\Spoolsv.ex_ C:\windows\system32\spoolsv.exe,X是你光碟機代號



    2008年9月29日 上午 09:19
  • 發生一問題,我這邊情況是~沒有上述所提及之檔案,所以無從刪除~~

    此外,昨天下午再次發生rpc意外終止的情況,經輸"shutdown -a"且重開機後,有一段時間沒有再發生rpc意外終止而重開機的情況。




    2008年9月29日 下午 11:16
  • I have similar situation yesterday.

    After doing more research yesterday, I've decided to use the "shutdown -a" function to stop shutting down the computer. At the same time, search and delete the relevant files (I can only find sprint.dll at that time, so I just deleted it)


    After all, I did not receive any rpc message until this morning. But now.. it's back just then while I'm typing this message.


    In regards to the previous suggested solution of replacing the spoolsv file, I'm not so clear about how to do it. I am using an Asus notebook and with the computer, there's an restallation disc contain WinXP SP2 but I've already installed SP3? not sure if the file on disc still work if I replace the same file in my laptop?


    I'm hoping any of the Spyware can work out a solution asap.. it's so annoying as I have to keep the computer on at all time for work.


    Welcome for any more suggestions and would be greatly appreciated Smile Thanks,


    2008年9月30日 上午 02:30
  • 看來微軟已經發現了,反常地在10月24日就發佈更新

    Microsoft 安全性公告 MS08-067

    Server 服務中的弱點可能會允許遠端執行程式碼 (958644)




    2008年10月26日 上午 01:55