RpcSs killing processes in Windows 2000

For the last two days I’ve been struggling with a particularly irritating computer problem. I was called on Monday morning to say a Windows 2000 machine had a virus. An initial glance suggested spyware was killing processes: Explorer worked fine, but anything else – task manager included – was shut down immediately. This is pretty standard stuff for spyware, and I didn’t anticipate much trouble. Sadly, I was wrong.

I deleted an obvious ‘Windows Antispyware 2008’ to no effect, and virus / anti-spyware scans revealed nothing. I shut down all the non-essential services I could find, and even ran a quick scan for rootkits, but couldn’t find anything.

The problem was also there in Safe Mode, but not, I discovered by total chance, in Safe Mode with Networking. That was weird. The latter *should* just be the former + a network driver. This seemed consistent, then it happened once in SFw/N, and I started to think it might be hardware.

Admittedly it all felt a bit specific for that – you’d think hardware would kill everything, not just certain programs – but it could be to do with power draw. Plus, PSU problems have been known to have very weird symptoms. But a test PSU made no difference, the RAM checked out fine, and the (8-year-old) hard drive passed its fitness test. I thought I was onto something when I spotted the cpu fan slowing down and stopping in everything but SFw/N, but this was a red herring1.

I eventually tracked it down by comparing the running processes in Safe Mode and Safe Mode w/ Networking (by repeatedly opening task manager and writing down names before it got nuked). The former, bizarrely, had an extra svchost.exe running. svchost.exe is a generic holder for background programs, and I needed more details. This is easy enough in XP, but in Windows 2000 you need the tlist support tool. The process turned out to be RpcSs: Remote Procedure Call. This was a new one on me, but it essentially controls background communications between programs. Disabling it solved the problem, but created a thousand more.

Turns out, RpcSS is vital. And here’s where I got stuck. I just couldn’t find any elegant ways to fix it. RpcSS is too low-level and important, and can’t simply be reinstalled. Eventually I went with the old-school Magic Fix: the repair install. This just installs Windows over the top of itself, and while it’s often equivalent to using a sledgehammer to crack a wotsit, it generally solves the problem. Not this time. Windows died, and wouldn’t come back. In the end I was forced to reinstall from scratch, which is always the last resort2.

That’s really irritating. Usually, the hard part is diagnosing the problem. Once I know what’s going wrong, it’s just a matter of research and thinking it through. It’s rare that I can know what’s wrong but be unable to do anything about it. My best guess is the initial spyware somehow took out RpcSS. Windows 2000 is a bit old-and-busted now, and I’m hoping XP is better secured against such things.

I’m mainly blogging this for googlers facing similar issues. I couldn’t find any references to problems manifesting in Safe Mode but not Safe Mode with Networking. Very odd one.

  1. the motherboard was actually slowing down the processor so it could disable the fan and keep things quiet. I turned this off. []
  2. Also I’d forgotten Windows 2000 comes with IE5.0. Ugh. []

No more Twitter SMS in the UK

Twitter have turned off SMS updates for anywhere outside the USA, Canada or India, because they can’t afford it. Mobile networks charge per SMS, so Twitter have been footing a bill they say averages to $1000/user/year1. They’ve negotiated deals in the aforementioned areas, but elsewhere it’s just too much. So here in the UK we’ll still be able to update via text, but we won’t receive anything. It’s a shame.

I don’t blame twitter at all, but it’s irritating to go backwards – I regularly have impromptu five-minute twitter exchanges, and they’re fun. And sometimes useful, too. A general I-have-a-problem tweet can reach lots of people, and often there’ll be someone who can help.

Having said that, the solution is on the horizon. 3G speeds mean modern phones can just use the Internet to exchange tweets (or whatever), and so bypass the operators’ extortionate methods. The data in a text message is insanely expensive: a 5p 150-character SMS adds up to £374 per mb.. But mobile broadband costs are far more reasonable: Three have a 3G tariff that’s £15/1gb/month2. There are already numerous twitter clients for mobiles3, so that’ll take over eventually. But for now: bummer.

  1. which, given their 250 weekly-limit, implies $4 per SMS. Seems high. talking nonsense. Actually implies ~$0.08 per sms, as pointed out in the comments. []
  2. My current provider – Orange – have nothing comparable, but they’ve always been a bit behind the times []
  3. particularly the iPhone, which I’m still lusting after, but the contracts are too much atm []

Halfway

Just passed 25,000 words, which is a pleasing milestone in itself, but more importantly means I’m on track for the first time since Day Two. Hooray!

I’ve been a little distracted today after waking up with a completely blocked ear. This happens to me once a year, and I hate it more than I despise the first guy who sat down and thought ‘hmm, this tiny tree thing tastes gross, I shall market it as a vegetable and make millions’. Is so bloody annoying. I can’t drive or get much sense of sound direction without doing lighthouse impressions, and it hurts if I don’t soften it up with ear drops every few hours. On a couple of occasions I’ve been able to fix the problem with, um, unorthodox methods that hurt rather a lot, but it’s always taken four to five days, plus Nod justifiably tells me off for messing about with my hearing 🙂 Unfortunately I have dancing, a guitar lesson, a computer-related trip to Walsall and a job interview in the next five days, and would like to avoid cancelling them all. As ever, the doctors only have syringing sessions on Tuesdays, so I had to decide between sticking it out or paying for a private clinic. I finally decided to go for the latter, although it’s bloody expensive at £65. They can do it tomorrow afternoon, however, and it’s just about worth it. Just. I need to figure out how I’m going to get to Solihull and back, mind.