Yesterday i got the message that my computer will restart in one minute due to some RPC thing. I immidiatly went for Norton because i thought id gotten the blaster virus. But norton was not running anymore..

I tried to run norton, but it just said Critical Attention in big red letters before shutting down after approx 5 seconds. So.. i downloaded the trial of AVG, and ran a scan. It found the virus worm/agobot and deleted it. Or at least so it said. After the virus was "removed" i still got the message popping up from time to time.. I wanted to check the registry, but it shut down immidiatly. I couldnt run wincfg either. So after a lot of trial and error i surrendered an formatted my entire hard drive (i only have one, with only one partition), reinstalled windows and before i even get to think about doing anything at all the message pops up again. AVG cant find any virus, but i still cant run regedit. This happened without me entering any kind of anything. No email, no MSN, no P2P networking. Still it seemed to be back. I still cant enter regedit either.

When i get the message i can however, if im quick, jump down in the start menu and run "shutdown -a" which brings it to a halt.

But how on earth can the virus survive a full format of my hard drive? And how the hell to get rid of it? It also seems its stopping me from using the proper Windows updates, as those always crash after 1-3 seconds.

Anybody have a good answer?

When you formatted your HD, did you first remove all partitions? There is a small, 8 MEG partition that XP keeps for its own use and it's easy to miss. If the virus (somehow) established itself there, that may be the reason you still have it. OR it may be on one of the programs you installed after installing Windows.
Try booting into Safe Mode. That loads only the essential system files to boot your computer. Now go into the Register, H_KEY LOCAL MACHINE,Run Hive, and look for the virus reference in the Run hive and delete it. Also check the Run Hive in the H_KEY CURRENT USER. That stops it from loading on boot. Okay, now do search on your C drive for the virus name in the Run file, and delet the virus. It probably will be in the Windows\System32 directory, but not necessarily.
If no joy, I suggest using Trend Micro's website for their free online scan. They are very good.
Keep us posted, and good hunting!

It is hitting you through the RPC bug in Windows XP, through your Internet connection.

On an unprotected system all it takes is a few seconds connected too the Internet to get infected, (OK maybe a minute on dial-up).

When installing XP, you have to disconnect your machine from any Internet connection.

Once XP is installed, you have to go in and manually enable its in-bound firewall.

Once you reboot and verify the firewall is enabled, it is safe to connect to the Internet and download all of the Windows XP updates, which also block the virus.

Thank You so much JackG. You solved my problem and saved my life (kinda). I would hug you or give you a flower, but its kinda hard through the internet, so youll have to do with a cheap internet replacement..

*bearhug* :D

Thank you.

I am having the same problem on my machine, only I can no even log in before I receive the message stating the the machine will restart in 60 seconds.

I was wondering if you are anyone else knows how to get around this as I am not able to do anything before this occurs.

Thanks