I came to the forum to ask for help about a problem and found it is probably related to the RPC alert posted by mjc. Therefore I was not sure whether to post into an existing thread or start a new thread. I decided to post a new thread and apologise if this was the wrong decision.

During past 24 hours every time I access the net my connection has been broken after a very short time by a message “ Generic Host Process for Win32 Server has encountered a problem and needs to close” This has been followed by a message from Remote Procedure Call service stating that Windows is closing down.

Initially I did nothing and allowed Windows to close and re-start. However, rather foolishly, after several closures I did accept the invitation at the bottom of the “Generic Host…” message window to send the error report to Microsoft. The outgoing message was intercepted by my firewall but I allowed it to continue.

My virus definitions were updated 4 days ago and I have just done a full scan which gave a clean report.

My questions are:-
1. Can I use another computer to download the Microsoft Patch to a zip drive and then install the patch from the zip to my computer? (Currently I cannot maintain a connection long enough to download on the affected computer)

2. Will the patch cure the problem?

3. Have I compromised my firewall protection?

My:- OS is XP Home v. 5. Build 2600
IE v. 6.0.2600
OE v. 6.00.2600
McAfee VirusScan Pro v. 7.02.600
McAfee Firewall v. 4.02.6000

Sorry for length of post. All advice gratefully received.

What AV are you using. Most have been updated in the last day or so. Check for an update and run again or try an online scan with Trend Micro's Housecall.

1. You could download the patch on another computer and install on yours, yes. You could also do this: go to Start>Run type services.msc and press enter. In the right pane find Remote Procedure Call(RPC). Right click and select properties>recovery. You can set it to do what you want it to do when it fails, ie, "take no action". This will stop the computer from shutting down when the failure happens long enough to d/l the patch. Set it back once you do.

2. The patch is intended to prevent the problem. If you are infected by any of the worms/bots it will not cure it.

3.If you are infected your firewall has already been compromised.

Edit- sorry missed that you are using McAfee. Check here (http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547) for their info.You need DAT 4284 to detect this.

Yes, most AVs have been updated...even AVG (and AVG is aggressive about detecting this one...there have been some reports of AVG finding it in non-standard locations, even with AVG set to scan C:\ only.)

Thanks guys for prompt and effective advice as usual.

malcore, your tip about disabling RPC did the trick and allowed me to download patch without interruption.
Scans have failed to find any infection but Mcafee say this is not unusual - I have not been infected but "simply exploited" whatever that might mean. The important thing is that everything seems to be OK now.
Thanks again.